SOC for Cybersecurity®
Companies are facing increasing demands to demonstrate to stakeholders that they are sufficiently managing cybersecurity threats. While the SOC 2 and 3 frameworks deal with controls pertaining to Security, Availability, Processing Integrity, Confidentiality, and Privacy, no framework had existed to report on the protections provided by a cybersecurity risk management program until now, with SOC for Cybersecurity® Reports.
To address this need, the AICPA has developed a cybersecurity risk management reporting framework that assists organizations as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs. The framework is a key component of a new System and Organization Controls (SOC) for Cybersecurity engagement, through which a CPA reports on an organization’s enterprise-wide cybersecurity risk management program. This information can help senior management, boards of directors, analysts, investors and business partners gain a better understanding of organizations’ efforts.