This component of the AICPA’s Private Companies Practice Section’s (PCPS) Exploring Cybersecurity Toolkit takes a deeper look at the many cybersecurity frameworks that firms may encounter when working with their clients. Clients may have adopted industry-specific frameworks or general frameworks. This resource serves as a reference point for basic questions about those frameworks. Because so many frameworks exist, this document is divided into the following categories for ease of use:
Part I – Reporting for CPAs: Reviews the cybersecurity and Information Technology (IT) reporting that CPAs can offer. Within the System and Organization Controls (SOC) suite of services is the SOC for Cybersecurity engagement, under which firms can report on an organization’s risk management framework.
System and Organization Controls (SOC) examinations
Part II – Supplemental Cybersecurity Information: Frameworks and cybersecurity standards have been developed by and for the IT sector to address specific organizational needs. Clients may be required to comply with certain regulations, such as HIPAA for healthcare entities. These resources give CPAs background on those existing standards and frameworks.
Information security frameworks
Security reference material
Information security related regulation
Security intelligence and thought leadership
IT control framework
Security framework and security validation reports
IT operations framework
Regulation and security validation reports
Security intelligence and thought leadership and security validation reports