Will Your Cybersecurity Program Hold Up to Regulatory Scrutiny?

► THE CHALLENGE

With the current cyber threat landscape and proposed SEC cyber rule, firms should not wait for the rule’s ratification to become compliant. At a minimum, under the proposed rule firms will be expected to: 

_{• Disclose information about certain "cybersecurity risks" and "cybersecurity incidents: to current and prospective clients, investors, and/or shareholders}  

_{• Report any "significant adviser cybersecurity incidents" to the SEC shortly after the incident within 48 hours}

_{• Adopt and implement cybersecurity policies and procedures that are reasonably designed to address cybersecurity risks}

_{• Enact more active fund board oversight and stricter record-keeping practices} 

► THE SOLUTION 

_{It is recommended that firms evaluate their program and compare their current state of cybersecurity policies and procedures against the proposed requirements, validate compliance through documented examples, identify gaps where there may be missing policies, procedures, or formal evidence of compliance.} 

► HOW WE HELP

ACA Aponix^® can help your firm develop, implement, and maintain the required information security program necessary to meet the SEC's regulatory requirements. Our team can provide support through:

_{• Cybersecurity and Technology Risk Assessments and Compliance Readiness}

_{• Staff Training and Phishing Policy Development}

_{• Penetration Testing​}

_{• Threat Intelligence/Monitoring}

_{• Data privacy compliance assessments}

_{• Vendor Due Diligence services}

_{• Portfolio Company Oversight}

_{• Policy Development}

_{• Technology, Cybersecurity, and Privacy Risk Assurance Advisory Services, and More} 

Do you have the bandwidth necessary to focus on cybersecurity? 

Our award-winning team can help to ease the burden and build a cyber program made to withstand the evolving risk landscape.