Our two-year compliance program is a proactive, methodical approach to cybersecurity under the direction of a virtual CISO that aligns alternative investment advisors with the SEC OCIE Risk Alert.
Cybersecurity is the #1 concern for compliance professionals, and yet internal IT and cybersecurity teams aren’t growing. The pressure continues to mount as the SEC, investors and the C-suite all want to know, “What are you doing for cybersecurity?” This is why we created our comprehensive compliance program, specifically aligned with the SEC OCIE Risk Alert and subsequent Guidance Updates. It’s a way for our hedge fund, private equity, and alternative asset clients to solve an immediate need that impacts their job security, as well as their firm’s reputation. We’ll spend 24 months putting you through SEC compliance training exercises, seminars, testing, and briefings, all of which will continue to develop your cybersecurity fitness at a scalable and digestible pace.
Security Risk Assessment
We use technical, policy, and procedural lenses to review your information security maturity and then determine how likely you are to experience a cybersecurity attack.
Policy Review Development
Leveraging industry trends and external threats, we create or review your security policies, and we keep those policies up to date based on changing SEC compliance requirements.
Incident Response Testing
We work with you to conduct annual tabletop exercises with C-suite stakeholders, including follow-up discussions and whiteboarding sessions, in order to test your incident response plan.
Security Architecture Review
This evaluation determines if your current security solutions are functioning as intended. The results yield a report with specific recommendations for improvements.
We secure your firm’s domain names and public DNS services, which are increasingly the targets of attacks by bad actors, and alert you when changes are detected.
Our cybersecurity engineers examine your security posture from an attacker’s point of view to expose weaknesses through on-site and remote testing.
Social Engineering Testing
We test your team’s response to a variety of internal threats, such as pretexting, phishing, and USB drive baiting, and include a physical evaluation of security in your office space.
Security Awareness Training
Agio’s annual seminar leverages results from our social engineering testing to educate and inform your team on how to identify and avoid an attack.
SEC Audit Assistance
Should the SEC decide to audit your firm, we serve as an on-site advisor during the examination. We’re there every step of the way so you can feel confident your cybersecurity partner has your back.
Monthly Security Strategy
Your Project Manager and vCISO meet with you monthly to review program progress, report on deliverables, and inform you of shifts in the regulatory and cybersecurity threat landscapes.
Your Real-Time Dashboard
From a client experience standpoint, Agio’s Governance Portal is how we deliver the service to you, and it provides a real-time view into the status of your program, organizing activities and service requests by priority and progress towards completion. Along these lines, the portal acts as a one-stop compliance shop for all documentation with regard to your program and has the benefit of being interactive, with the ability to engage vCISOs in real time through the portal. Finally, Agio’s Governance Portal also ensures compliance with more than 12 existing governance frameworks, adapting to regulatory developments as the cybersecurity landscape evolves.
Our Governance Program was the first of its kind, but it’s certainly not the last. We remain, however, the only program on the market to offer you a solution driven by an experienced virtual CISO and trained project manager committed to guiding you from start to finish. This means forward-thinking advice, monthly meetings, strategic discussions on the direction of your firm, and tactical decisions required to move the cybersecurity needle today. So, if there ever comes a time when your C-suite, investors or regulatory bodies want to know what you’re doing about cybersecurity, you’re documented and ready to go. We’ve thought of it all when it comes to your cybersecurity health so you don’t have to.