Meet VigiTrust, the Dublin-based software provider keeping more than 2,500 hotels in compliance with PCI DSS for Europe’s largest hotel operator.
It’s been a hectic few years for legal and compliance staff at companies around the world grappling with an onslaught of new data privacy laws. But for VigiTrust, an award-winning risk management software provider headquartered in Dublin, it’s been nothing short of a perfect storm.
That’s according to CEO Mathieu Gorge, who founded VigiTrust in 2003 and describes the present moment as a pivotal time in the cybersecurity and compliance space.
“With Europe rolling out GDPR and California’s Consumer Privacy Act (CCPA) in the US, the rise of the Payment Card Industry Data Security Standard (PCI DSS), Anti-Money Laundering (AML), Know Your Customer (KYC) and so on — the fact that that’s all happening now is taking us to the next level as a company,” Mathieu explains.
Timing is everything
VigiTrust’s roots are in security auditing but, five years ago, the business pivoted completely into risk management software and today helps companies prepare for, achieve and maintain compliance with legal and industry security frameworks.
Because trying to stay on top of different regulations worldwide is both complicated and time-consuming, VigiTrust launched VigiOne in 2018, a single SaaS solution for governance, risk, and compliance that simplifies the process for complex and disparate companies. It’s now in use in more than 3,500 organizations in over 120 countries.
Today, VigiTrust has support offices in New York and Paris and its clients tend to be large organizations with multiple locations that process a lot of both card present and card not present (eCommerce) transactions in multiple currencies or other transactions that include customer data — in short, organizations where compliance is crucial and cybersecurity is a concern.
“What we’re trying to sell is the value-add of compliance,” Mathieu explains. “We want boards and C-level executives to understand the requirement for compliance and the value-add for the company as opposed to coming at security and compliance challenges from the fear factor, the fear of having to pay a fine.”
How VigiTrust helped Accor achieve PCI DSS compliance at scale
Take Accor, for instance. As the single largest hospitality company in Europe and the sixth-largest worldwide, Accor needed a comprehensive PCI DSS program to support its network. But coordinating compliance efforts across more than 35 brands of hotels — including both owned and managed hotels and franchisees — was proving to be a massive challenge.
That said, when Accor encountered VigiTrust at its PCI European Roadshow in 2011, achieving compliance at scale suddenly seemed a lot more doable. The company first enlisted VigiTrust in 2012 to create a PCI DSS e-learning module for 15,000 users, which eventually evolved into a customized training program and portal for its entire network two years later. Today, all aspects of Accor’s governance, risk and compliance are managed through the VigiOne platform.
“Rather than reinventing the wheel, Accor has been able to build on the effort and time spent to comply with PCI to address GDPR requirements, which in turn can also be leveraged to comply with CCPA in the US,” Mathieu shares. “Not to mention, because reporting is now consistent across all brands and countries, it enables Accor to take its compliance program to the next level and take action in a much more proactive and effective way than ever before.”
Adding real business value through compliance
According to Mathieu, compliance is a journey, not a destination — and, it’s fair to say, VigiTrust has been on its own journey in recent years.
“Once we pivoted into software and landed big clients including global retailers, airlines, acquiring banks, semi-state and government agencies, we started getting a lot of feedback, improving our product and winning awards. That generated a lot of traction for us and the challenge that we have right now is to manage our growth and scale as fast as we can — and I think we’re well-positioned to do that,” he explains.
That’s partly because the company has been running the VigiTrust Advisory Board since 2011 – a not-for-profit global think tank under Chatham House Rules with over 150 members in 16 countries, ranging from CEOs and CFOs to security professionals and regulators. It’s essentially a safe space where competitors can discuss challenges and exchange ideas.
“We use the advisory board as a sounding board, as a platform to validate everything we do, from our product roadmap to our go-to-market strategies,” Mathieu explains. “It majorly increases the value of our business and it adds value for our clients and partners.”
Moving forward, VigiTrust sees the Asia Pacific market as a huge growth opportunity, particularly Australia, New Zealand, and Indonesia. As Mathieu puts it, “We have a unique blend of deep expertise in European regulation and US regulation around privacy and that expertise, combined with our advisory board and ability to quickly adapt to changing regulations, gives us a competitive edge in the marketplace.”