SOC for Cybersecurity

Organizations are under increasing pressure to demonstrate that they are managing cybersecurity threats, and that they have effective processes and controls in place to detect, respond to, mitigate and recover from breaches and other security events.

To address this market need, the AICPA has developed a cybersecurity risk management reporting framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs. The framework is a key component of a new System and Organization Controls (SOC) for Cybersecurity engagement, through which a CPA reports on an organizations' enterprise-wide cybersecurity risk management program.  This information can help senior management, boards of directors, analysts, investors and business partners gain a better understanding of organizations' efforts.

Introduction to the AICPA's Cybersecurity Risk Management Framework [Video]

The AICPA’s new cybersecurity risk management reporting framework helps organizations communicate about and CPAs report on cybersecurity risk management programs. Learn more about the framework in this video featuring Sue Coffey, CPA, CGMA, AICPA executive vice president for public practice.