How LogPoint helps RAM Infotechnology achieve super-compliance in healthcare IT services

LogPoint enables RAM Infotechnology to stay compliant with an impressive array of industry standards, while at the same time boosting cybersecurity and opening a new revenue stream providing managed SIEM services to end-customers.

Background

RAM Infotechnology is a Dutch IT services company, specializing in IT outsourcing, managed services and cloud-based services. Headquartered in Utrecht, the company has 180 expert employees primarily serving the public healthcare sector and payment processing industry. While inherently different industries, they are joined by extreme requirements for cybersecurity, and protection of personal information.

In the Healthcare sector, RAM Infotechnology handles more than 15 million electronic patient records, primarily within elderly care and psychiatric care. To ensure the highest possible standards in handling sensitive information, RAM Infotechnology has invested in an array of certifications, including ISO 9001, ISO 14001 and ISO 27001, the NEN 7510 extension to ISO 27001 and the SOC 2 Type 2 based on the ISAE 3000 framework. As a service provider to the payment processing industry RAM Infotechnology also adheres to the PCI-DSS standard and needless to say, RAM Infotechnology also complies with the EU General Data Protection Regulation (GDPR).

RAM Infotechnology also operates a Security Operations Center (SOC) and a state-of-the-art Data Center for infrastructure hosting and application hosting. The company also offers advanced Disaster Recovery services, based on real-time replication of client IT environments rather than traditional backup, ensuring minimal recovery time for business-critical applications.

I like the LogPoint concept: The modular design, the layered setup, and the way the system fetches and collects data. I like that you can add nodes and not be concerned with data increases and consequently higher costs. I don’t like systems that have variable cost, which is always something that makes financial managers uneasy
Frank Waarsenburg, CISO, RAM Infotechnology

The challenge

To document compliance with the array of standards applied to RAM Infotechnology operations, the company needed a SIEM solution able to provide log collection and analytics across the entire infrastructure, including the company hosting center and in the Microsoft Azure cloud.

A key reason for the requirement was the pursuit of compliance with the NEN 7510 extension to the ISO 27001 standard. While log collection and analytics is usually handled at the application level, that is not the case on the server level. An efficient SIEM solution was needed to document access to databases, file servers, etc. to comply with the standard.

“At RAM Infotechnology, we handle massive amounts of sensitive data. Compliance with standards is not only a customer requirement but it’s also our way to prove that we have taken all possible measures to protect the data that our customers entrust us. It’s our way to walk the talk, so to speak,” says Frank Waarsenburg, CISO at RAM Infotechnology.

The solution:

Download the full case to learn how RAM Infosecurity boosts cybersecurity with LogPoint: