US privacy regulation poses a challenge
ACA Aponix: Best Cyber Security Provider
One of the greatest challenges facing cyber-security and technology risk is how privacy regulation is being addressed in the United States. As a result, ACA Aponix, the cybersecurity and risk division of ACA Compliance Group, is focusing on privacy regulation and readiness for 2020.
“The plethora of state regulations and nits and nuances of each will create significant work for private equity clients and for their portfolio companies,” remarks Raj Bakhru, Partner and Chief Innovation Officer at ACA Compliance Group.
Currently, privacy regulation is at the state level and it is quite possible that firms will need to adhere to 50 individual state privacy regulations instead of a single national regulation. To address this, ACA Aponix is working with clients to build privacy programs that address the most common tenets of a strong privacy program, recognising that most privacy regulations have commonalities. “We continue to monitor the progress of state regulation and advise our clients on best practices to apply to their privacy programs,” Bakhru explains.
ACA Aponix provides cybersecurity and technology risk assessments, data privacy compliance, vendor and M&A diligence services, network testing, and advisory services for companies of all sizes.
The firm’s private equity clients invest in many industries and it is important they and their portfolio companies are well-supported by their service providers. This year, ACA Aponix was accredited as a HITRUST certified assessor. The HITRUST CSF is a well-regarded benchmark in the healthcare space and being accredited to certify firms against HITRUST allows it to better assist its private equity clients in their pre-deal diligence and with their existing portfolio companies.
Bakhru notes: “We also built out a product solution designed for ESG operational oversight of cybersecurity and privacy. Our private equity ESG teams really appreciate the approach we take to help identify key cybersecurity operational risks and privacy regulatory risks in their portfolio in a high-touch, high-value, low-cost manner.”
To uphold best practice in the industry, ACA Aponix continues to hire extremely qualified senior individuals with experience across many industries. “Our clients work with professionals who average over 15 years of experience in IT, privacy, and cybersecurity. Many have held CTO, CIO, and CISO roles throughout their careers and maintain US military security clearance. We encourage professional accreditations such as CISSP, CISM, and CIPT. We conduct numerous in-house trainings and adhere to best practices promoted by government security agencies, regulators, and collective industry organisations,” Bakhru says.
The firm also analyses risks in the market and innovates to best support clients in third-party risk, deal diligence, and portfolio oversight. ACA Aponix seeks to generate trust among clients, showing it understands their business and is focused on risk management across both the management company and the portfolio.
ACA Aponix approaches technology risk holistically, viewing cybersecurity as one important element of a range of technology risk domains. Although some may consider cybersecurity solely from the network firewall angle, Aponix’s experience shows that most cybersecurity risk surfaces elsewhere.
This is why it maintains that a penetration and/or vulnerability test alone is not sufficient to capture a firm’s risk profile. The firm’s goal is to identify the root cause of issues so that security is not confined to a single point in time.
Partner, Chief Innovation Officer, ACA Aponix
Raj Bakhru is the co-founder of ACA’s cybersecurity and risk division, ACA Aponix. Aponix was founded in June 2014 to fill the market gap of holistic, independent technology risk assessments for financial firms. Aponix joined the ACA Compliance Group umbrella to form ACA Aponix in February 2015.