Agio, the progressive managed infrastructure and cybersecurity firm, specializing in the alternative asset management space, found that high-stakes investors were shying away from the uncompensated risk of a cyberattack.
During a comprehensive penetration test for one of our enterprise clients, we recently discovered a vulnerability affecting the default installation settings for the Bloomberg Professional Client software—a vulnerability which had the potential to compromise over 300,000 Bloomberg subscribers.
In response to the recent National Exam Program Risk Alert, published by the Securities and Exchange Commission’s Office of Compliance and Inspections and Examinations (OCIE), Agio has announced a refined Security Risk Assessment offering that directly meets the compliance requirements put forth by the SEC.
As the US economy begins to pick up pace, the number of hedge fund launches has also begun to rise. But although many of the challenges faced by managers are still very much the same – including capital raising and establishing a robust business strategy – firms will be entering a different playing field from years past.
Agio provides managed IT and cybersecurity services to firms at every stage, including technology hosting, monitoring, management, disaster prevention and recovery, managed security, cybersecurity consulting, and other high-end services.
Agio Infrastructure Gap Analysis provides a definitive analysis of your current IT environment, business needs and the technologies and services available to bridge current and future gaps. Through our extensive discovery process, we identify current risks and limitations, and create a strategic plan, which ensures scalable growth.
Server & Storage Consolidation
Agio Server & Storage Consolidation identifies areas of consolidation, enabling you to retire unneeded hardware and gain advantages in flexibility, scalability and data center automation. Our team assesses your existing environment to develop a detailed consolidation strategy designed specifically to meet your objectives. This comprehensive plan will help:
Simplify your infrastructure and increase flexibility by reducing the number of physical devices
Reduce operating costs by lowering space, energy, maintenance and management expenses
Increase availability as resources are consolidated into high-availability solutions, minimizing downtime and improving performance
Agio Security Assessments comprise a comprehensive suite of compliance and IT security assessments, designed to provide you with confidence and knowledge about your security and compliance posture in a world of rising regulation and evolving threats. Through a variety of engagements, grounded in industry best practices and honed by years of experience, we can assist you with:
Assessing, understanding and managing your risk with respect to valued data assets
Assuring compliance with regulatory and institutional investor requirements
Revealing, classifying and mitigating real vulnerabilities through extensive penetration testing
Delivering a gap analysis of your security program, policies and systems against industry best practices and relevant compliance standards
Managing the IT Security component of your compliance initiatives
Developing a strategic plan of action to remedy compliance gaps and security vulnerabilities
Providing a Governance and Risk Compliance Program to ensure compliance and security posture is maintained
Agio’s Data Center Migration service is a strategic initiative, which can increase business agility, reduce total cost of ownership (TCO), meet regulatory and institutional investor requirements, and provide for future growth. Your data center is the mission-critical service delivery platform for your firm, and migration of the data center is a complex, large-scale change management effort, which imposes significant investment and risk. A successful data center migration should address business, architectural and operational challenges across the entire IT stack. Our team assesses the migration risks across business applications, dependent upon your technology infrastructure such as server, storage and networks. We also consider the complexities and nuances of your particular business environment to determine which applications are truly cloud-ready. Agio then creates a detailed plan, unique to your firm, allowing you to:
Create an effective strategy allowing for future growth
Reduce operating costs by lowering space, energy, maintenance and management expenses
Increase availability as resources are consolidated into high-availability solutions, minimizing downtime and improving performance
Utilizing virtual servers, firms of any size benefit from enterprise-class security, redundancy, and performance with the convenience of Agio’s flexible, service-oriented model. The Agio Private Cloud provides:
Secure private hosting, including encrypted data transmission and storage, based on proven best practices. We ensure any data created, processed, transmitted, or stored by your firm maintains appropriate confidentiality, integrity, and availability.
Full compliance with the SSAE 16 SOC Type 1 and 2 standards.
Dedicated IT staff, providing 24x7x365 support.
Agio Managed Public Cloud
Amazon Web Services (AWS) is a highly optimized cloud infrastructure that allows you to take advantage of a dynamic environment without you having to provide the infrastructure. But the downside is that this is where the service ends. AWS requires you to manage and maintain your cloud environment, including all of the complexity and time involved. To meet this need, Agio offers a full service cloud management offering partnered with AWS’ infrastructure. We take care of everything—from the implementation and migration of your environment, to ongoing support and billing.
Our solution includes hosted, secure email with a 99.99% uptime guarantee, message encryption, mobile device support, and compliance archiving, that covers email, instant messaging (IM), Bloomberg, SMS, and social media. We work with best-in-class partners, including Intermedia, Intel Security, Office 365, Proofpoint, Global Relay, and Smarsh.
Our Voice Solution offers robust calling features, greater mobility for remote users who only need the Internet to connect, and greater flexibility for organizations needing to move offices, open new locations or staff dynamically. Our Voice Solution enables your staff to be more efficient and productive.
Agio’s Disaster Recovery solution provides high availability for crucial systems by replicating mission critical data to two remote, fully redundant data centers geographically isolated from your primary location. Accessible by an Internet connection, you have convenient, fast, reliable access to your essential applications, including trading systems. Most importantly, Agio manages and executes the failover from production to DR, and back to production, to ensure your data is correctly synced between environments.
On-Site End-User Support
Through our on-site desktop support service, your dedicated Agio resource can leverage the entire multi-disciplinary knowledge of Agio’s Client Services team to fix your issues by your side. Our on-site team embodies Agio’s commitment to excellence and superior customer service, while understanding each firm and every environment is different. That’s why we partner with you to help manage our resource to embody your values, as well as our own.
Remote End-User Support
Remote End-User Support is dedicated to keeping you up and running at all times. We offer unlimited, 24x7x365 access to our dedicated team of experienced support professionals, in combination with Agio’s unique Enterprise Service Platform (ESP), to ensure each incident is given priority and resolved in a timely manner. With years of experience, and access to a centralized solution repository for best practices, Agio engineers are trained to effectively and efficiently resolve any IT issue you may encounter. By leveraging our highly qualified and certified technical staff, recruiting, training, and fulfillment of IT resources become a thing of the past. You can now concentrate on your business, not your help desk.
Agio’s Access Management Service offers a repeatable access control and data governance program, ensuring all access requests are approved by your appropriate business owners and recorded for audit controls. With a data analysis and certification framework to review and approve access on a recurring basis, we ensure your users only have access to the appropriate systems required. Additionally, Agio offers a structured, repeatable process to manage new hires, transfers and terminations.
Agio Monitoring System (AMS)
Transparency is critical, and we think you have the right to it. That’s why we developed a custom monitoring application called Agio Monitoring System (AMS) that allows us to effectively monitor your infrastructure in real-time, while providing you with complete visibility. With AMS, we monitor devices, users and applications across the entire IT infrastructure—on premise, in the cloud or a hybrid model—from this uniquely designed application. By combining performance and availability with monitoring via powerful real-time analytics to rapidly identify incidents and operational-impacting problems, we keep your business running with minimal disruptions. Imagine being able to see into your entire environment from behind a single pane of glass; this is the essence of AMS.
By leveraging our AMS tool, Agio’s Management Service offers five distinct benefits over traditional monitoring solutions:
CROSS-DOMAIN VISIBILITY | The AMS tool spans servers, storage, network, virtualization, databases and applications to automatically cross-correlate metrics in real-time.
BUSINESS SERVICE MANAGEMENT | AMS provides an automated and scalable means to define business services, associated applications and infrastructure resources, understand dependencies, monitor key performance indicators and proactively monitor delivery of the business service
ROOT-CAUSE ANALYSIS | AMS is able to rapidly isolate, in real-time, the root cause of network issues, which is especially valuable in virtualized environments
CONFIGURATION MANAGEMENT DATABASE (CMDB) | AMS auto discovers and populates CMDB for server, storage, network, VMs, applications and end users, providing a complete repository of all components across the environment, as well as full auditing and reporting of configuration changes and patching
SCALABILITY | A single instance of AMS can monitor applications in data centers, private or public clouds, and remote offices
With our 24x7x365 Management Service, we manage your environment to actively reduce downtime through detection and remediation. From data collection, trending and capacity planning, to deploying changes to servers, troubleshooting and monitoring performance, Agio ensures your environment is in a healthy state, and stays that way. In fact, we deliver you weekly posture reports, including an at-a-glance summary, followed by a deep dive into data trends, system metrics, environmental changes and more so you know exactly what's happening in your environment.
Our infrastructure management platform can also be accessed by our service experts from anywhere, at any time, so there is never a single point of failure in terms of our systems or people. As an Agio client, you too have access to the AMS platform, offering a level of transparency that fosters loyalty and trust as we build our relationship with you.
By providing a managed and controlled environment with full reporting and accountability, our support model reduces your costs, while increasing end-user productivity. Specifically, we offer four levels of monitoring and management:
LEVEL 0 MONITORING | Basic monitoring with escalation to client for all alerts. Agio provides the monitoring tools and resources, but all corrective action is completed by the client.
LEVEL 1 MANAGEMENT | Includes basic monitoring with additional responsibilities to carry out remedial actions as outlined and documented by the client. Examples are restarting services or rebooting a system.
LEVEL 2 MANAGEMENT | Includes Level 1 support with additional responsibilities to provide full system administration, problem remediation, proactive root cause analysis, capacity planning, and system patching and updating.
LEVEL 3 MANAGEMENT | Includes Level 2 support, and additional responsibility to provide engineering, such as architecture and design of new technology platforms, in collaboration with the client’s business or technology teams.
We offer unlimited, 24x7x365 access to our dedicated team of experienced client services professionals. Through remote and on-site desktop support, our engineers can leverage the entire multidisciplinary knowledge of Agio’s Client Services Team to fix your support issues.
Agio is so confident in our superior service model, we pledge it with a no excuses guarantee. For every month Agio fails to meet a service commitment to a client, we credit the customer with an additional month of service at no charge. End of story.
Zero Startup Costs
Starting a new fund can require significant capital outlays, but Agio believes having a world-class IT package need not be one of them. Only Agio offers emerging funds a zero startup cost option. With our no-guess-work, metric based service model you can easily predict your service costs and plan for future growth. No hidden surprises. Plus, we’re not concerned with long-term contracts, as we are fully committed to ensuring you’re extremely happy with the service you receive.
No matter how fast you grow, or how operationally complex your firm becomes, Agio SkySuite’s technology environment can scale up as quickly and seamlessly as your fund, without any interruption or the risks involved in having to change IT providers. Founded by senior technologists servicing many of the premier investment advisory firms, Agio has the people, processes and tools to provide an exceptional end-user experience from day one.
Up-and-Running in 30 Days
A newly formed fund founded by former investment banking professionals and utilizing a research driven strategy, required a cost effective, enterprise level infrastructure – and fast. The fund turned to Agio to provide recommendations for and implementation of a right-sized solution. By leveraging the Agio SkySuite framework, we were able to provide messaging, compliance, remote monitoring and management, and business continuity services, as well as the physical infrastructure, all for roughly half the average salary for a mid-level engineer. Best of all, we had them up and running in 30 days.
Doubled Their Coverage – Same Price
A growing firm, specializing in providing a platform for quantitative and analytical support, outgrew their existing support provider. As the firm reached an inflection point in their growth, they felt constrained by a lack of proactive outreach and creative problem solving in their existing relationship. Agio proposed an implementation focused on streamlining the firm’s processes and expanding both coverage and scope of support. By partnering with Agio, this firm was able to immediately reduce their costs associated with their hosted infrastructure environment, and then reinvest the savings into custom application development. The streamlined design increased system capability, and relieved the firm’s staff of many maintenance related tasks. The firm was able to refocus their valuable resources to developing future improvements to the firm’s platform.
By partnering with Agio, this firm was able to reduce the footprint of their hosted environment and increase end user satisfaction.
80 Hedge Funds Supported Daily
The Global Investment Bank’s Prime Brokerage Division (PB) contracted Agio to provide infrastructure and application support to their hedge fund clients based in the U.S. and EMEA. In July 2010, Agio took over the services and is currently providing support to PB's 80 hedge fund "tenant" clients, as well as over 600 of their hedge fund prime brokerage clients. Agio was required to meet the rigorous and demanding set of service level agreements and governance provisions of a global bank. After over a year of service, Agio has successfully met and/or exceeded every measurement and provision agreed between the two firms.
$8B Fund Improves Support with 22% Cost Savings
Agio joined forces with Point72, formerly SAC Capital Advisors, to collect intelligence that would effectively create a high-end technology infrastructure and application management services fulfilling their high expectations of service and solutions. From the beginning, Agio took over service desk management, managed and monitored IT infrastructure, managed databases and provided detailed governance services. Point72 also took advantage of Agio’s Application Services including QA resources, Application Support, Configuration Management, Application Development and Trade Floor Support.
Database Administration involves many different facets to make sure your systems are kept up-and-running, efficient and high performing. Agio Database Administration includes real-time 24x7x365 database monitoring and problem resolution. But we don't stop there; our dedicated database administration (DBA) team monitors alerts and responds to threshold, latency and job errors, while managing your databases and assisting your team with changes, space utilization, and security. Our DBA service includes:
Data Protection & Availability | We protect your data by ensuring your databases are backed up properly, as well as replicating them on a routine basis.
Performance | Agio has developed a comprehensive framework of tuning and housekeeping parameters to maintain your database environment in optimal condition.
Security & Best Practices | We make sure that your database security measures are up-to-date, keeping track of and managing changes for you, including the installation of security patches. We also implement best practices in terms of account management, roles, access permissions, and log reviews. All of our database operations are fully audited for complete transparency.
Capacity | Disk space management is crucial to avoiding application failure and data corruption. We closely monitor and report on capacity parameters on a daily basis in order to identify potential issues before they occur.
Problem Resolution | In addition to our database specialists, we have in-house networking and server specialists on-hand to identify and resolve issues. Even if the source of the issue is not clear-cut between network, operating system or database, we own the problem right through to the resolution.
Multi-Platform Support | We support a variety of platforms, including Microsoft SQL Server, Sybase, Windows and Unix.
Why It's Different
At Agio, we don't depend on out-of-the-box tools. As with many of our other service offerings, we developed a custom tool, called Agio Admin, which provides us with an inside look into your database environment, capturing up to seven days of information. Why is this special? When a problem does arise in your environment, we are able to go back in time to see what led to the issue, essentially reading a database environment like a history book. The more data that's available, the quicker the resolution. A speedy resolution means less downtime for you. And the best part? Unlike many expensive software packages on the market, we include Agio Admin as part of our overall Database Administration (DBA) service.
Amazing tools are only part of the equation. People and experience make up the difference. At Agio, we have seven dedicated DBA members on staff with 40+ years of combined experience, focused solely on administering database environments. This focus allows them to master their database expertise and focus on the task at hand, guaranteeing that you have a stellar team working to make your environment as highly optimized and efficient as possible.
Maintaining an effective security program requires diligence, focus, and a keen eye towards an ever-evolving threat landscape. Critical vulnerabilities are constantly being discovered, making day-to-day management of your security controls a must. Failure to detect and recognize malicious activity in your environment places your organization’s data and reputation at risk, not to mention the intellectual property loss, as well as operational, financial and legal risk you may face when dealing with a breach.
To assist our clients with what can sometimes seem like an insurmountable task, Agio’s Managed Security proactively monitors your environment 24x7x365 to help you create and maintain a strong security posture. With a focus on detection and response, Agio’s trained eyes examine key systems within your environment as we perform continuous vulnerability, suspicious activity and threat-based awareness assessments, in addition to providing security advisory and actionable intelligence. Partnering with Agio to maintain these essential elements of security can mean the difference between a security threat and a security breach.
Agio Managed Security provides these key features:
INTRUSION DETECTION ANALYSIS | By leveraging best-in-breed industry technology, coupled with Agio’s customization, we defend against ever-evolving, sophisticated evasion techniques, even when they are applied on multiple protocol levels. We install agents on all of your servers to analyze malicious traffic, not just externally, but within your environment as well. With 60% of all attacks being carried out by insiders, this hybrid internal and external view is crucial.
SECURITY INFORMATION & EVENT MANAGEMENT | Agio Managed Security uses a discovery-driven approach designed to prevent future security blind spots, adding user, application, and business service context to events. We provide unparalleled threat monitoring, prioritization, and mitigation responses, leveraging log collection data from security devices, network devices, Active Directory, and applications, to cross-correlate security event data in real time, while weaving a sophisticated security event management service throughout the entire solution.
VULNERABILITY MANAGEMENT | This automated service scans network assets for vulnerabilities on a daily basis to clearly identify potential areas of exploitation and increased security risk.
HUMAN ELEMENT (+REPORTING) | Backed by the latest security technology, our experienced security engineers continuously analyze anomalies in your environment, looking for trends specific to your industry, while keeping up to date on threat intelligence feeds. What’s more, we regularly meet with you to review your monthly posture report and the overall health of your security posture; and when we’re not meeting with you, you have full access to our reporting platform that allows you to view your environment at any time. This combination of visibility and proactive communication is what sets us apart. We’re providing you with insight, not just alerts.
In the security arena, deep expertise is more than just knowledge; it is equivalent to having intuition. It can mean the difference between recognizing patterns and overlooking them. Here's a window into our expertise:
Agio Managed Backup is designed to back up and recover your data from anywhere, at any time. Your most current data is stored on site for quick recovery, and all your data is further protected at two highly secure, geographically dispersed datacenters located in Allentown, PA, and Seattle, WA. What’s more, our advanced data deduplication process reduces the amount of physical data backed up, creating a cost-efficient solution for you by reducing network utilization. This enables seamless back up, protection, and recovery of your critical data, while reducing costs and meeting today’s demands for speed, efficiency, and scalability.
When it comes to backing up your data, recovery is everything. When something goes wrong, all you care about is getting your data back—now. Two important processes help us achieve 100% recovery peace of mind for our clients:
This unique feature guarantees data integrity with absolutely no corruption, for successful restores every time. Autonomic Healing continuously monitors the backup repository for data corruption; if corrupt data is found, it corrects it, removes it, or reports that a correction is needed. Beyond just checking file headers and links, Autonomic Healing goes even further, verifying the logical validity of data, such as invalid names, name duplication, ID duplication, potential reconstruction failure, consistency, etc.
We ensure data is restorable by simulating real recoveries without actually writing the restored data. Simulated recoveries are run in the DS-System memory, which is flushed once the process is complete. What’s more, we use digital-signature-based validation to ensure file integrity.
Finally, Agio Managed Backup offers the flexibility of customizing your recovery time for certain blocks of data, which comes in handy when we're talking about your mission-critical application data. Depending on your Recovery Time Objective (RTO), we offer two optional features:
Continuous Data Protection (CDP) can be selected for specific backup sets to guarantee you are up and running quickly with minimal data loss.
Agio's DR Platform replicates your data in real time, which we can snapshot to provide complete recovery in minutes, instead of hours.
Traditional backup and recovery can be messy, but Agio Managed Backup allows you to set it and forget it. We simplify the installation process and ongoing maintenance with our agentless architecture, eliminating downtime, disruption, and complexity. But it’s called Managed Backup for a reason—we do the work. We monitor your backups 24x7x365 with Agio Monitoring System (AMS); if a job fails, Agio’s proprietary Enterprise Service Platform (ESP) flags it to our team for remediation. We understand, however, with responsibility comes the need for transparency. Agio Managed Backup offers you full access to an easy-to-manage, centralized, unified view of your systems, users, and devices—even when data is backed up in silos across your environment. So no matter how complex your disaster recovery and business continuity strategies are, we’ve got you covered.
Security & Compliance
In today’s world of constantly evolving cybersecurity threats, a service is only as good as its security. With Agio Managed Backup, your data is protected, twice over. Not only is your data backed up to Agio’s secure private cloud, but our cloud is further shielded by Agio Managed Security, a 24x7x365 service dedicated to providing 360° security. Even if you experience a hack in your environment, your data is 100% protected in our network. What’s more, our agentless architecture actually enhances the security of your overall environment. By going agentless, you no longer have to rely on agents that need to be installed on each machine. This removes open, vulnerable ports on your firewall for all backup sources, which effectively eradicates all points of attack inherent with agent-based models. Finally, it’s important to note that Agio Managed Backup also includes:
AES 256-bit in-flight and at-rest data encryption
Government-approved NIST FIPS 140-2 security certification
Customer-controlled encryption key and authentication
Over the last five years, the number of cyber attacks on businesses increased by 144%, the cost of cyber crime per company has increased by 95%, and the average time to resolve incidents has increased by 221%. Faced with the reality of this increasing threat, the SEC issued the 28-item OCIE Risk Alert in April 2014, followed by a Guidance Update a year later in April 2015. Additionally, a stream of large corporate breaches, including Target, Home Depot, eBay, JP Morgan, Sony, and others, exposed critical vulnerabilities that ignited investor and C-Suite pressure, demanding that firms act.
As a trusted and premier MSP to hedge funds at every level, we saw the need to not only leverage our expertise in cybersecurity, but also create a program specifically aligned with the SEC OCIE Risk Alert so you and your investors could sleep at night. Agio’s SEC Cybersecurity Readiness Program is a proactive, methodical approach to cybersecurity, under the direction of a virtual CISO, which aligns with the SEC OCIE Risk Alert and drives clients toward compliance. Through Risk Assessments, Penetration Testing, Security Architecture, and more, we’ll spend 24 months getting you and your environment fit. You’ll begin seeing immediate results within the first few months, and each month that follows you’ll be put through exercises, seminars, testing, and briefings that will continue to develop fitness at a digestible level.
We begin by evaluating your firm’s information security program, policies, workflows, vendor relationships, security architecture, and user awareness. These functional areas are then measured against the NIST Cybersecurity Framework and the 28 areas of interest from the SEC OCIE Risk Alert. Consider the first six months of Agio’s SEC Cybersecurity Readiness Program as boot camp, where we provide you with deliverables that help you respond to investors and the SEC Risk Alert. The remaining 18 months is training and conditioning, helping your firm develop tier one cybersecurity habits. Activities include:
Security Risk Assessment
- With SEC/OCIE Gap Analysis
- Based on NIST Framework
Policy Review & Development
Social Engineering Testing: Phishing, Pretexting, USB Drive Baiting, Physical Office Security, etc.
One or two internal security engineers don’t stand a chance against the thousands of advanced hackers out there dedicated to breaching your network. You need an army—no ordinary battalion will do. You need rigorously trained, hardcore, unshakeable, obsessed cybersecurity special forces. Meet Agio Security. Our team has over 20 years of security experience, including deep PCI, HIPAA, and NIST expertise. We eat security and compliance for breakfast. Additionally, our proactive relationships at the SEC ensure we have a direct line to the latest and greatest intelligence. We’ve got you covered.
CISO on Deck
Every team needs a great leader: someone who’s strategic, proactive, and can lead their troops in and out of the stickiest, most dangerous situations. With our SEC Cybersecurity Readiness Program, you not only get special forces, you get experienced, forward-thinking CISO guidance to oversee your environment’s security and compliance posture. In monthly check-ins, we sit down with you to discuss the best long-term direction for your firm and the decisions and tactical execution required to get you from A to B. With this type of ground and air support, you can rest assured you’re setting your firm up for success now and in the future.
As a trusted PCI Qualified Security Assessor (QSA) for nearly a decade, our program is tailored to address PCI compliance for merchants and service providers alike. Agio PCI 360° is a holistic, programmatic approach to maintaining PCI compliance through proactive collaboration and CISO-style guidance, with a long-term view towards strengthening your security posture. Led by your assigned QSA and dedicated Project Manager, our annual program helps you make steady progress against PCI milestones throughout the year, as we collaborate with you at a sustainable pace. What’s more, PCI 360° realizes cost benefits by amortizing your PCI spend throughout the year, providing a manageable, predictable, and digestible budget.
Maintaining PCI compliance requires a month-in, month-out commitment to habitual activities that maintain compliance and fortify your cybersecurity defenses. While it’s typical to focus a high level of effort on compliance activities for a concentrated period of time, we spread those activities over the course of 12 months, so they become more manageable and less disruptive to your organization. Instead of having a steep climb to compliance every year, Agio PCI 360° manages the process for you, with a prescribed, yet digestible, level of steady effort. By fitting into your existing security and compliance framework and augmenting the expertise and specific skills your firm already possesses, we form a custom partnership that maximizes your benefit.
We know what it takes to be compliant, and we’re going to get you there. Specifically, our partnership with you includes the following activities, which can be customized to fit the size and maturity of your organization.
Policy review and development
Security risk assessment and gap analysis against best practices and the PCI Standard
Vulnerability scanning and assessments
Penetration testing, including social engineering
Incident response testing and breach management
Security awareness training
Program management, plus a web portal for PCI compliance collaboration
Ad hoc security and compliance consulting
Assistance with your SAQ or a formal RoC assessment
Every company subject to the PCI Standard needs an experienced guide to help them navigate the compliance waters, specific to their unique needs. With Agio PCI 360° you get CISO-level advice from our Primary QSA to ensure you understand the nature of your environment against the backdrop of PCI compliance. In your monthly check-ins, we sit down with you to discuss the best short-term, tactical steps to take you from point A to point B, with your long-term security posture in mind. Beyond that, your QSA is also available to attend any discussions with your acquirer(s) or other third parties to ensure you know what is expected of your company and why.
In addition, a committed Project Manager (PM) and our PCI Portal serve to keep you on schedule and on budget. Specifically, your PM oversees the milestones of your tailored program, reports on the status of ongoing or upcoming events and tasks, plans future work, and troubleshoots problems or issues that arise. And if you have any questions about the tracking of your overall engagement, you have full access to the same PCI Portal.
While many compliance requirements and standards are relatively new, Agio has performed IT security assessments for nearly 20 years, focused primarily on the retail and hospitality, healthcare, government, and education industries. We are qualified to perform any assessment, scan, or consulting engagement needed for PCI compliance, and, as QSAs, we are specifically authorized to conduct the formal assessment and provide a Report on Compliance (RoC).
All of our internal, full-time QSAs are practicing IT security consultants with an average of 10 years’ experience. This is an important distinction between our expertise and that of a pure audit firm. Auditors without a technical background don’t necessarily understand the security or operational implications of the recommendations made and guidance provided, which can leave you open to non-compliance. It’s Agio’s technical background and detailed understanding of PCI compliance that offers you a robust, effective compliance partner with an understanding of the what’s, why’s, and how’s of your compliance.
We offer hosted secure email with a 99.99% uptime guarantee, message encryption, and mobile device support, with compliance archiving for email, instant messaging (IM), Bloomberg, SMS, and social media.
Our automated, streamlined service replaces traditional tape backup systems with advanced encryption, off-site redundancy, centralized online access, flexible recovery options, and unparalleled data protection, including data retention policies that meet diverse regulatory guidelines. From 24x7x365 monitoring of your backups to remediation, we do the work so you don’t have to.
Agio’s solution provides high availability for crucial systems by replicating mission-critical data to two remote, fully redundant data centers geographically isolated from your primary location. Accessible by an Internet connection, we provide convenient, fast, reliable access to your essential applications, including trading systems. Most importantly, Agio manages and executes the failover from production to DR, and back to production, to ensure your data is correctly synced between environments.
Agio has been performing IT security assessments for nearly 20 years across many industries and to other exacting standards, in addition to HIPAA, such as ISO, GLBA, NIST, SOX, etc. Specifically, we have assessors and consultants certified by the HITRUST Alliance as Practitioners, both assessors and consultants certified by the Cloud Security Alliance, and Agio is also a Payment Card Industry (PCI) Qualified Security Assessor (QSA), with an additional five individual QSAs on staff.
It’s our technical background and detailed understanding of, first and foremost, the healthcare industry, as well as the other aforementioned regulatory markets, that guarantees you have a robust, effective cybersecurity partner with an understanding of the what’s, why’s, and how’s of your compliance. There is no doubt: we’ve got you covered.
Every company subject to health care compliance requirements needs an experienced guide to help them navigate the regulatory waters, specific to their unique needs. With Agio Health Care Cybersecurity 360°, you get CISO-level advice from our most seasoned health care security experts to ensure you understand the nature of your environment against the backdrop of the healthcare regulatory and threat landscape. In your monthly check-ins, we sit down with you to discuss the best short-term, tactical steps to take you from point A to point B, with your long-term security posture in mind. Beyond that, we’re available to attend any discussions with your vendors or other third parties to ensure you know what is expected of your organization and why.
On top of this high-level technical guidance, you’re assigned a committed Project Manager (PM) to keep you on schedule and on budget. Specifically, your PM oversees the milestones of your tailored program, reports on the status of ongoing or upcoming events and tasks, plans future work, and troubleshoots problems or issues that arise. They are your handler, as well as your wrangler, to ensure you get what you need from the Program.
Our methodical commitment to habitual activities, which maintain compliance and fortify your cybersecurity defenses, has been architected to align with the HIPAA Security and Privacy Rules, NIST SP 800, HITRUST CSF, as well as other security best practices. While it’s typical to focus a high level of effort on compliance activities for a concentrated period of time, we spread those activities over the course of two years, so they become more manageable and less disruptive to your organization. Instead of having a steep climb to compliance every year, Agio Health Care Cybersecurity 360° manages the process for you, with a prescribed, yet digestible, level of steady effort. Even more importantly, by fitting into your existing security and compliance framework and augmenting the expertise and specific skills your firm already possesses, we form a custom partnership that maximizes your benefit.
We know what it takes to be compliant, and we know what it takes to maintain a robust security posture. This Program will get you there – on both fronts.
Our approach leverages years of both health care experience and security expertise to assist both providers and business associates in the industry with security and compliance initiatives. Specifically, Agio Health Care Cybersecurity 360° is a 24-month centralized cybersecurity and compliance program that includes:
Monthly status calls and oversight of your security program
Policy Review & Development
Security Risk Assessment
Social Engineering Tests
Coordination of Incident Response Planning & Testing
Security Awareness Seminar
Board & Executive Briefings
Why such a holistic and comprehensive methodology? Because the health care industry has its work cut out for it when it comes to cybersecurity. There are mounting risks tied to maintaining patient confidentiality and integrity of clinical data. Technology advancements are making information exchange among health care providers easier, more flexible, and most notably, more “virtual.” And the proliferation of interconnected compliance requirements, comprised of HIPAA, the Payment Card Industry (PCI), SOX, ISO, NIST, etc., results in a daunting regulatory matrix, difficult for any non-dedicated, full-time staff to navigate.
Health Care Providers and Business Associates need a true 360° approach.