Secure email and awareness go hand in hand - Sirjon case study

"At Sirjon, I am effectively responsible for information management across the organization, including security," is how Barry van Daalen begins his story. As an information management consultant, Barry is responsible for data protection across the entire organization, together with his colleague Bas Keijzer, a privacy officer.  

And what an incredible organization it is! Sirjon is a care organization with a heart for the people they work with. Sirjon takes on the task of caring for the vulnerable in our society: the elderly and people with disabilities. Sirjon operates based on the belief that love for our neighbors connects one another. A wonderful mission statement! 

 Source: https://www.linkedin.com/company/zorggroep-sirjon/

More than 1200 employees within Sirjon take care of their clients, which makes security a large and complex task.

“Other solutions will get you far, but the awareness is missing.” 

With the magnitude of their organization in mind, Barry and Bas soon began a scan for the NEN 7510, the standard for information security in healthcare.   

"We started that process because we wanted to know how the state of our organization with regards to information security, and that's how we arrived at secure emailing." 

During their search, it became apparent that a number of providers could not quite provide the right solution. 
  
"As a healthcare institution, we have to comply with the NTA 7516. On the one hand that means we are concerned with NTA 7516 compliance, but on the other hand, it is important to us that we guarantee the privacy of our clients. We primarily use Office 365, so we first looked at what they could do for us. We were not entirely satisfied with their solution: it gets you quite far, but you need many different add-ons to arrive at NTA 7516 compliance. Furthermore, the awareness we were looking for is missing entirely. More importantly, the choice to encrypt a message always lies with the (healthcare) employee, and we see in practice that things can go sideways quickly there." 

What was your challenge?

"Of our 1,200 employees some will be using the Smartlockr SMTP Relay Service and some will be using the Smartlockr plug-in. With that many employees, a secure email solution should not become an additional hurdle in staying secure. In fact, if it's a stumbling block, people find ways to start working around it."

“Awareness should not become an annoyance.” 

"We do the application management ourselves, but we have outsourced our technical IT. Therefore you want people to be as self-sufficient as possible, so we went looking for a provider who could help us with a secure email solution while simultaneously raising awareness.   

We've compared several providers on the NEN website. One of your competitors paid close to no attention to awareness and the app fired off a multitude of questions before you were able to send an email out. That didn't fit our expectations of user-friendliness at all.  

With Smartlockr, not only is this awareness is built into the plug-in but you also have the option to withdraw an email. That provides extra peace of mind, because especially in healthcare you don't want to put an extra burden on people." 

And what about the NTA 7516? 

“A provider can be certified for the NTA 7516 on different parts and then there's the part that organizations need to arrange themselves. Of course, that means that a provider can't take care of everything but Smartlockr also offered to help us fill in the last part. That's great and made you approachable!

“Smartlockr was like a partner to us.” 

We ultimately decided on our choice for a secure email solution with the three of us: the privacy officer, the IT-consultant and me. We had and continue to have the best gut feeling with Smartlockr; you guys really emerged as a partner. The entire process was pretty easy and that was a big reason of why we chose you. We are all convinced that you can offer the right solution."