With the growing threat of global cybersecurity incidents (remember WannaCry?), organizations of all sizes, and those they transact business with, are increasingly focused on cybersecurity risk management.
The American Institute of Certified Public Accountants (AICPA) has responded with a new SOC for Cybersecurity examination. Part of the SOC Suite that includes SOC 1, SOC 2, and SOC 3, SOC for Cybersecurity evaluates and provides reports on organizations' comprehensive risk management programs and the controls within them.
The evaluation includes a description of the organization's program, including criteria such as inherent risk factors, program monitoring, event prevention management, detection and incident response, and management of confidential information, among others.
Organizations can opt to have a third party conduct a gap analysis to identify any controls, policies, or procedures that need improvement, or they can proceed to the examination itself.
Organizations are using their SOC for Cybersecurity reports to communicate the effectiveness of their cybersecurity risk management practices to business partners, customers, vendors, and other stakeholders.
In this article, Plante Moran cybersecurity experts Krystle Beseler and Sarah Pavelek share an overview of the SOC for Cybersecurity examination and show how it complements the rest of the SOC Suite to help organizations protect themselves from increasingly common cyber threats.