Identify and contain potential cyberthreats with a SOC examination for cybersecurity.
Established by the American Institute of Certified Public Accountants (AICPA), the SOC for Cybersecurity reporting framework enables CPAs to examine and report on an organization’s cybersecurity risk management program (CRMP).
SOC examinations provide an independent, entity-wide examination of the CRMP for any type of organization and can give boards, investors, business partners, and other stakeholders confidence in an organization’s CRMP and in the mitigation strategies it uses to combat cyberattacks.
The SOC for Cybersecurity examination differs from a SOC 2® examination in three main ways:
The examinations focus on different areas. SOC 2 primarily addresses general information security, while SOC for Cybersecurity focuses on the cybersecurity risk management program as a whole.
Though designed to meet the needs of a broad range of users, the intended audience typically includes board members, management, analysts, investors, and business partners. The report isn’t restricted to specified parties.
Practitioners may nevertheless decide to restrict the use of their report to specified parties, limiting distribution to those who need to know, or who have specifically requested, the information.
Public companies, however, must routinely prepare disclosures about cybersecurity risks and incidents, which the report can provide.
Management is responsible for the controls within the entity’s CRMP, regardless of whether those controls are performed by the entity or by a service organization. While the scope of the examination report can be limited to a portion of the entity or extended to the larger organization, the description criteria are required to address controls within the entity’s CRMP.
Preparing an organization’s leadership team for this reporting process is essential. Performing an internal-use-only evaluation against one of the relevant frameworks or regulations beforehand can make the process more effective.
Select the framework that best meets the needs of your organization and base the SOC for Cybersecurity examination on that framework.
Applicable frameworks include:
The report contains three sections:
Our professionals provide examinations for a range of client types including software-as-a-service (SaaS), infrastructure-as-a-service (IaaS), and platform-as-a-service (PaaS) companies, business intelligence providers, colocation data centers, financial institutions and service companies, third-party administrators, benefits administrators, and more.