ACA Group (ACA), the prominent governance, risk, as well as compliance advisor in financial services, announced the launch of Aponix Foundations. This self-service SaaS cybersecurity solution enables firms to set essential cyber governance without the cost or complexity of building a full in-house program.
Innovated by ACA Aponix®, ACA’s cybersecurity and risk division, Aponix Foundations gives an automated platform for firms across the financial services industry, including wealth managers, venture capital firms, asset managers, as well as broker-dealers.
Aponix caters to an industry oversight gap with a self-service SaaS platform designed to help compliance officers establish and manage baseline cyber governance.
Integrated within ACA’s ComriskplianceAlpha® platform, the program provides firms with a centralized hub to assess risks, monitor vulnerabilities, and oversee cyber controls alongside other compliance obligations. ACA also provides an advisory call with a consultant to review results, prioritize remediation, and establish a roadmap.
Its Notable Features Include:
- Risk Assessment: Robust proprietary risk assessment that produces detailed findings, recommendations, and risk ratings. Assessment is paired with a readout call with an ACA cybersecurity consultant to discuss assessment findings.
- Risk Management Tool: Prioritize and act on identified risks.
- IT and Compliance Checklist: Step-by-step guidance with cadence tracking for key cyber activities.
- Staff Training: Web-based training modules for employee training.
- Threat Monitoring: Ongoing domain and threat surveillance with automatic alerts.
- Weekly Vulnerability Scanning: Continuous scanning with downloadable PDF reports to support audits and exams.
This program goes beyond wealth managers. It’s designed for any firm that has not yet established its own cybersecurity governance.
Executive Statement
According to Christine Tetherly-Lewis, Partner and Head of ACA Group’s Cybersecurity and Risk Advisory division, Aponix Foundations was designed to give compliance officers confidence that their firm’s cyber risks are being identified and addressed. With weekly vulnerability scans, ongoing monitoring, and evidence that can be used in audits or exams, firms can begin to take steps with cyber oversight that regulators expect without having to build a full cyber function in-house.
