The rapid shift to digitization has led to a corresponding rise in the amount of data created by organizations; this, in turn, has led to an increased risk of data breaches and security incidents.
The General Data Protection Regulation (GDPR) is a set of policies drafted by the European Union to protect EU citizens’ personal data. Therefore, companies need to safeguard any important information from corruption, compromise, or loss.
Featuring in this issue’s The Enterprise World’s Top 10 GDPR Solution Companies To Watch series is VigiTrust, a company that helps its clients to prepare, validate and comply with the changing rules of data protection.
If you look at the roots of the business, you’ll see that data protection was always the cornerstone of all things VigiTrust. It remains so, so GDPR is right up our alley. Providing a solution like VigiOne makes total sense in this context; it enables clients and partners to prepare for, validate, and maintain compliance with GDPR, and link that to over 100 interrelated data protection standards and laws.
“In my view, GDPR is setting the right tone for data protection minimum levels, enforcement, and continuous security.”
As Mathieu Gorge (CEO and Founder) puts it, “security is a journey and not a destination”. GDPR is well aligned with this because you need to continually update your data ecosystem and perform privacy impact assessments when a new data flow comes into play.
VigiTrust started out as a security consulting firm and a value-added reseller for network security. Over the years the company developed strong skills in data protection pre-auditing, as well as security and compliance training and awareness. About 8 years ago VigiTrust began to productize the training it had been delivering in the EU and started an eLearning practice.
Fast forward to today and VigiTrust is a SaaS provider of Integrated Risk Management (“IRM”) solutions to clients in 120+ countries in the healthcare, retail, hospitality, transportation, government and semi-state sectors. In addition, VigiTrust continually adds new global security and compliance frameworks to VigiOne, its award-winning IRM solution.
“The key to incite our target audience is to keep innovating and to offer always more comprehensive solutions. You just cannot stay still in security and compliance.”
There have been several key milestones in the company’s development. A decade ago, VigiTrust worked with Hewlett Packard in Germany in the area of secure printing. This allowed the company to get ahead of the game, given that secure printing and document capture security is a key issue for today’s security programs.
Another milestone was the productization of the training services the company had developed around data protection and information governance. This commenced in 2012 and today, eLearning, security awareness training, and online certification are a must for any organization. VigiTrust has incorporated 10 years of security & compliance eLearning into its award-winning solution, VigiOne.
VigiTrust transitioned from a consulting and training provider to a SaaS GRC provider between 2016 & 2018.
Challenges that Made Way for a Successful Pathway-
Mathieu Gorge (CEO) founded VigiTrust in 2003, a time of great change in the Irish IT security sector following the 2001 recession. Many value-added resellers had suffered in the wake of that recession, leading to some in the sector starting their own security consulting firms.
Mathieu saw the situation as an opportunity to move away from a pure network security-driven model to a more data protection-orientated one. Back then, the concept of “putting data first” was new.
“Today, data is the new currency that makes the world go around.”
Keeping abreast of all regulatory updates and industry standards changes is a constant challenge. VigiTrust’s core strength is its ability to keep ahead of the various legal, operational, technical, and compliance challenges faced by its clients. The company continuously monitors the security and compliance environment, complemented by its Global Advisory Board, comprised of over 700 members such as CEOs, CFOs, Risk Managers, and other payment and fraud experts.
Each year, VigiTrust hosts several Regional Advisory Boards across the globe to discuss and explore current and evolving cyber security threats, trends and innovations, as well as compliance, information governance, and regulations.
Since its inception in 2012, the VigiTrust Global Advisory Board has placed a strong emphasis on information sharing and education in a confidential, non-commercial setting, featuring thought leaders who can call on decades of experience in their respective fields.
The Products and Services-
VigiOne incorporates VigiTrust’s 18 years of experience in the information security services sector into one single SaaS solution, enabling complex and disparate organizations to simplify the implementation and management of security and privacy regulations. VigiOne utilizes VigiTrust’s 5 Pillars of Security Framework™ to enable the key processes for Preparation, Validation, and Compliance.
VigiTrust continually innovates and creates new features.
“VigiTrust has developed a roadmap that we follow with precision, to ensure that VigiOne can be adapted to any type of organization.”
The Integrated Risk Management (IRM) sector where VigiTrust operates is a busy space. However, what makes VigiTrust unique is its VigiOne platform. VigiOne allows organizations to manage security assessments, compliance validation, and continuous compliance. The solution incorporates full project management functionality to allow the management of all compliance tasks, particularly recurring tasks. The platform also functions as a fully-fledged cyber security education portal, boasting more than 250 training lessons. It is also a collaborative tool that enables end-users to work effectively with external assessors.
VigiOne can be configured for multiple standards, including GDPR and other data protection standards such as CCPA.
VigiOne includes a GDPR readiness assessment questionnaire template (31 questions across 13 topics) that can be assigned to entities to assess how compliant or “ready” they are for a GDPR audit.
Data Protection Basic, Fundamentals, Intermediate Courses
VigiOne provides access to a suite of GDPR eLearning courses, which introduce staff to GDPR and other data protection concepts.
VRM Module (where applicable)
VigiOne’s VRM capabilities allow you to ensure that suppliers fully understand their obligations concerning data processing.
Policy and Procedure Dissemination and Implementation Tracking
VigiOne’s document management function allows you to communicate, disseminate and control the implementation of important documents such as agreements and a range of policies across large complex organizations.
Data Processing Register (Record of Data Processing)
VigiOne allows you to create and disseminate templates to ensure that subsidiaries use a standardized and consolidated approach to compliance.
VigiOne’s Assessment 360 tool includes templates for all required assessments under GDPR, including DPIA and LIA Balancing Test, and also allows you to develop or customize purpose-built templates for your subsidiaries.
Website Scanning Scheduling and Management
Organizations can integrate vulnerability management and web application scanning into VigiOne where required.
Incident & Breach Project Management Template
VigiOne’s Project and Task Management feature allows you to create project plan templates and task lists that can be used for incident and breach management planning, testing, and execution.
Documentation and Evidence Library
The capability to demonstrate compliance to GDPR and other regulations at the touch of a button requires ready access to documentary and other evidence of compliance and testing. VigiOne’s document library stores and tracks a range of file types, including documents, images, reports, and videos.
VigiOne provides a fully transparent view of GDPR processes, even in large, complex distributed organizations. Importantly, it allows you to demonstrably and consistently manage compliance. The platform allows you to quickly review and audit your processes and efficiently control updates and changes. You can integrate your security program to demonstrate your commitment to protecting the personal data that you need to process, in a manner that is compliant with prevailing legislation and best practice.
“VigiOne makes it easy and straightforward.”
The Road Ahead-
VigiTrust strives for continuous innovation, and its product roadmap is designed to ensure that VigiOne is easily adapted to any organization, be it acquiring banks, retail companies, hotels, QSAs, or ASVs.
“I believe that security is a journey, not a destination. This means that innovation is required at all times to ensure that solutions address current threats, vulnerabilities, and regulations & standards.”
No one in compliance can afford to stay still. VigiTrust continues to innovate and relies on topics discussed at the VigiTrust Global Advisory Board and its community of 700+ members to help it drive innovation in the right direction!
Mathieu Gorge- Leading the Way-
Mathieu Gorge, Founder & CEO, created VigiTrust in Dublin, Ireland. He is an established authority and speaker on Cyber Security, Risk Management & Compliance with more than 20 years’ international experience.
His areas of expertise include PCI DSS, GDPR, CCPA, HIPAA, VRM, and ISO 27001. He has been involved in payment security for more than 20 years and works with many security working groups and associations in the US and EU. Building on the success of VigiTrust’s 5 Pillars of Security Framework™, he is a regular speaker at international security and compliance conferences such as RSA, ENISA & ISACA.
Mathieu was the President of the French Irish Chamber of Commerce in Dublin from 2017-2019. He remains on the Executive council and as chair of the ICT working group. He has also served as the Chairman of InfoSecurity Ireland and was an Official Reviewer for ANSI (US). He is also the founder of the PCI DSS European Roadshow, which has been running since 2011. Mathieu is also the Chairman of the VigiTrust Global Advisory Board, an international security & compliance think tank.
Mathieu has recently authored a book entitled The Cyber Elephant in the Boardroom, published by ForbesBooks (November 2020).