SOC for Cybersecurity FAQs

by Sarah Harvey / May 29th, 2018

What is SOC for Cybersecurity?

Because most organizations conduct some portion of their business in cyberspace, they open themselves up to a new level of risk. Who they are, what they do, and what information they possess can make businesses targets for malicious attackers. Reputational damage, disruption of business operations, fines, litigation, and loss of business can all be consequences of a cybersecurity attack. It’s more important than ever to demonstrate the extent and effectiveness of your organization’s cybersecurity risk management program. Understanding this, the AICPA created SOC for Cybersecurity, a general use report that describes an organization’s cybersecurity risk management program and verifies the effectiveness of its controls. Take a look at some of the most frequently asked questions about SOC for Cybersecurity.

In April 2017, the AICPA announced a new cybersecurity risk management reporting framework, paired with a market-driven, voluntary SOC for Cybersecurity examination. Because this framework and examination are so new, many still have questions about what they are and whether their organization could benefit from them.

What is the Purpose of a SOC for Cybersecurity Report?

A SOC for Cybersecurity report is a general use report that describes an organization’s cybersecurity risk management program and verifies the effectiveness of its controls, which can help stakeholders make informed decisions and can address vendor or supply chain risk management practices.

Who Needs a SOC for Cybersecurity Report?

Any organization that wishes to provide its board of directors, analysts, investors, business partners, industry regulators, or users with perspective and confidence in its cybersecurity risk management program.

How is a SOC for Cybersecurity Report Different than a SOC 1 and SOC 2 Report?

A SOC 1 engagement is an audit of the internal controls at a service organization that may be relevant to its clients’ internal control over financial reporting. SOC 2 reports help service organizations cultivate confidence in their service delivery processes and controls, based on the Trust Services Criteria. A SOC for Cybersecurity report, though, fosters confidence in an organization’s cybersecurity risk management program.
