CUSTOMER SUCCESS STORY
ZOLL Meets Data Compliance Mandates with User-Friendly SFT Solution
Established in 1983 by Dr. Paul Zoll, Professor Emeritus of Harvard Medical School and former Chief of the Cardiac Clinic at Beth Israel Hospital, ZOLL Medical Corporation has continually made significant contributions in the field of resuscitation. Perhaps best known as a leading producer of automated external defibrillators (AEDs), ZOLL is a leader in medical products and software solutions that help responders manage, treat, and save lives in emergency situations, as well as increase the efficiency of emergency medical, fire, and hospital operations around the globe.
As a business that deals with the research, development and sales of medical devices, the secure transfer of information both within the company and externally is critical. In fact, it’s mandatory.
“We have compliance mandates that we must adhere to,” says Joseph Tennyson, Director of IT for ZOLL Medical Corporation in Chelmsford, Massachusetts. “Really, there are three standards—Mass compliance¹, PCI (Payment Card Industry) which is the credit card standard and HIPAA²—for the transmission of information in an encrypted format over a network, whether it’s via email or FTP.”
Before implementing SFT, ZOLL used Cisco’s secure email solution, IronPort and secure FTP. “Both are relatively clumsy solutions for a user,” states Tennyson. “The problem with IronPort was that the registration process was awkward for users. Recipients had to register each and each and every time they used it.” As for SFTP, Tennyson found that FTP sites “can grow wildly and be difficult to maintain. You never really know within a pure FTP environment whether a user successfully got a file; there are no audit trails built into the product.” Even though ZOLL used FTP “significantly” SFTP requires software at both the client’s site and the user’s site.
Additionally, two groups in particular—technical service and customer service—occasionally had to send out patches or other executables. “I don’t think anyone allows executables or anything launchable anymore through email, yet users want to send them. And users want one vehicle: email.”
- Required secure, auditable method for sending data in order to meet compliance mandates
- Current tools were “clumsy” for end users
- Needed to send large files to recipients who had email attachment limits
- No audit trail for file transfers
- Biscom Secure File Transfer
- Met three different compliance requirements
- Eliminated Cisco IronPort and replaced SFTP servers
- Achieved ease of use requirements for both internal and external end-users
It does what we wanted it to do, it’s working and I don’t have to think about it.Joseph Tennyson
Seeking a User-Friendly Solution for Both Email and Web-based Data Transfers
”Our goal was to have a tool that helped meet compliance in those three areas (HIPAA, PCI and Massachusetts compliance). That was key,” says Tennyson. “The next key was to create a better user experience for utilizing email due to restrictions on attachment size limits and attachment types.”
In addition to the groups who needed to use email for secure data transfer, one particular group, Clinical Affairs “whose responsibility is to manage case studies with doctors’ offices and our product” needed a solution to manage communications relative to the study. “And that solution had to be a Web-based application and also had to have security standards,” according to Tennyson.
One Simple Solution Replaces Two “Clumsy” Products
In terms of meeting their primary goal of meeting compliance mandates and the secondary goal of creating a simpler user experience, Tennyson reports that “SFT has effectively met those goals.”
“Just meeting the compliance goals pays for itself in the time it’s saved me,” says Tennyson. “If we didn’t use SFT, I’d have to create some kind of audit trail or guarantee that we’re meeting compliance every time we send an encrypted document.”
In general, users at ZOLL use the Outlook add-in to send confidential data, “because email is what they use and what they know,” notes Tennyson. Attachment size limits are no longer a problem for senders or recipients and neither are the requirements for client software for SFTP transfers. Additionally, before SFT, according to Tennyson, “files would build up on the FTP network, and we’d still have no audit trail. Biscom has addressed all those needs.”
ZOLL no longer uses Cisco’s IronPort; SFT acts as a secure email alternative. “We’ve totally eliminated it,” says Tennyson. “We’ve told people to stop using it.” As for using SFTP, Tennyson reports that it’s used less frequently. “When someone asks us to set up an SFTP site, we automatically transfer the request from an SFTP request to a SFT request and set up Biscom for them.”
Not only are the end-users experiencing more ease-of-use, “it does what we wanted it to do, it’s working, and I don’t have to think about it,” Tennyson says with a laugh. “It’s usually the case that I do have to think about a solution, have resources allocated to it, and personally monitor it. That is definitely not the case with SFT.“