How Singular Health Fast-tracked Multi-Framework Compliance for Global Expansion
About Singular Health
Singular Health (ASX: SHG) is a Western Australian medical technology company listed on the ASX. It develops software solutions, such as 3DICOM Viewer, that empower patients and practitioners to better visualise, communicate, understand, and share medical imaging data, enhancing decision-making, improving patient outcomes, and reducing unnecessary costs.
The Challenge
Singular Health was preparing to enter into a business contract with a U.S.-based healthcare company. As part of the third-party due diligence process, Singular Health was required to demonstrate compliance with three major frameworks (SOC 2 Type 2, ISO 27001, and HIPAA), which came with tight timelines and overlapping but distinct requirements.
Chief Quality Officer Andre Marchezini Rocha recalls the pressure:
“We had to get ready for a pilot project in the U.S., and compliance was non-negotiable. We needed all three certifications within a very short timeframe.”
To add to the complexity, Singular Health was also initiating GDPR compliance and planning for future frameworks like HITRUST and ISO 42001 (AI management).
Why Prescient Security
Singular Health was referred to Prescient Security by their security advisor (Security Consultants OÜ) due to their strong global partner ecosystem. After carefully evaluating a number of options in the market, they chose Prescient Security based on two key factors:
- A track record of delivery under pressure
- Competitive bundle pricing for multiple frameworks
“Prescient Security came recommended. We took calls with a few vendors, but you guys worked out best for us,” Andre said.
Solution
To meet Singular Health’s urgent compliance requirements, Prescient Security worked on a custom multi-framework audit strategy that comprehensively covered the stringent clauses of SOC 2 Type 2, ISO 27001, and HIPAA. The engagement was designed to complete all three certifications within a five-month window, a critical deadline tied to a U.S. market entry contract.
Prescient Security’s audit approach focused on three key factors to ensure quality and timeliness:
- Parallel audit windows: Delivering within a tight deadline was challenging. To save time and minimize effort, the team worked on all frameworks in parallel, allowing Singular Health to move quickly without delaying their go-to-market timeline.
- Flexible scheduling and coordination: Prescient Security’s team set up critical conversations around delivery expectations and key activities in a way that aligned with Singular’s internal availability. Chalking out this coordination schedule helped them avoid stretching their bandwidth on unnecessary meetings while fitting the meetings that were needed into their working hours.
- Framework-specific team: To meet framework-specific requirements thoroughly, a dedicated team with subject matter expertise on each regulation was assigned. This helped avoid rework and pass audit checks without losing timeline velocity.
The Result
While Singular Health experienced some overlap in evidence requests due to separate audit teams, they acknowledged the overall process was frictionless and well-coordinated. The positive feedback from this project has been incorporated into Prescient Security’s internal process to improve internal handoffs and reduce duplicate efforts.
Singular Health successfully achieved SOC 2 Type 2, ISO 27001, and HIPAA certifications in under five months. This fast turnaround let them:
- Reach readiness for a pilot with a U.S. healthcare customer
- Access PHI and PII data securely for daily tasks while staying compliant
- Build and maintain trust to win potential US clients, improve early-stage conversations, and shorten the sales cycle
With the certification success and a strong foundation for future audits (like HITRUST and ISO 42001), they are steadily expanding into new markets.