Cybersecurity threats continue to increase, including threats unlike any we have seen before. As a result, businesses need to demonstrate that they have the proper controls in place to thwart any attempted breach. To address this environment, the AICPA has developed a cybersecurity risk management reporting framework. The framework is a key component of the System and Organization Controls (SOC) for Cybersecurity engagement, through which a practitioner (a registered and peer-reviewed CPA such as Assure) reports on a company’s enterprise-wide cybersecurity risk management program. SOC for Cybersecurity examines two areas: 1) the description of the organization’s cybersecurity risk program and 2) the effectiveness of the controls within the program. The SOC for Cybersecurity report will include the following three components:
- Management’s description of the entity’s cybersecurity risk program.
- Management’s assertion.
- Practitioner’s (i.e., auditor’s) opinion.
A SOC for Cybersecurity report illustrates to those with a vested interest in your organization that a solid cybersecurity risk management program is in place. Ready to learn more? Contact us!