Our two-year compliance program is a proactive, methodical approach to cybersecurity that aligns alternative investment advisors with the SEC OCIE Risk Alert, under the direction of a virtual CISO.
We created this compliance program to be specifically aligned with the original SEC OCIE Risk Alert, as well as the subsequent updates the SEC has since released. It’s a way for our hedge fund clients to appease the C-suite and attract and retain investors. We’ll spend 24 months putting you through SEC compliance training exercises, seminars, testing and briefings, all of which will continue to develop your cybersecurity fitness at a digestible level.
SECURITY RISK ASSESSMENT
We review your information security maturity through technical, policy and procedural lenses to determine how likely you are to experience a cybersecurity attack.
POLICY REVIEW & DEVELOPMENT
We leverage industry trends and external threats to inform the creation or review of your security policies, and we keep those policies up to date based on changing SEC compliance requirements.
SECURITY ARCHITECTURE REVIEW
This evaluation determines if your current security solutions are functioning as intended. The results yield a report with recommendations for improvements.
We look at the level of access your individual vendors have to your systems and data, against the maturity of each of their cybersecurity postures. This determines how exposed you might be if one of those vendors experiences a breach.
We look at your security posture from an attacker’s point of view to expose weaknesses through on-site and remote testing.
SOCIAL ENGINEERING TESTING
We test your team’s response to a variety of internal threats, such as pretexting, phishing and USB drive baiting. We include a physical evaluation of security in your office space.
SECURITY AWARENESS TRAINING
Agio’s annual seminar leverages results from our social engineering testing to educate and inform your team on how to identify and avoid an attack.
SEC AUDIT ASSISTANCE
Should the SEC decide to audit your firm, we serve as an on-site advisor during the examination. We’re there every step of the way so you can feel confident your cybersecurity partner has your back.
MONTHLY SECURITY STRATEGY
Your Project Manager and vCISO meet with you monthly to review program progress, report on deliverables and inform you of shifts in the regulatory and cybersecurity threat landscapes.
Whether you have an internal CISO or not, Agio’s SEC Governance Program includes experienced, forward-thinking guidance to complement and augment your firm’s security and compliance posture. In monthly check-ins, we’ll discuss the best long-term direction for your firm, as well as the decisions and tactical execution required to get you from A to B.