To keep pace with an increasing focus on mitigating and managing risk, the AICPA issued a benchmark reporting framework – SOC for Cybersecurity – to effectively assess an organization’s cybersecurity risk management program. The SOC for Cybersecurity examination is focused on two primary areas: (1) a description of the organization’s cybersecurity risk management program and (2) the effectiveness of controls within that program to achieve the organization’s cybersecurity objectives.
The SOC for Cybersecurity extends beyond traditional SOC 2 Reports – which assess controls relevant to the security, availability and processing integrity of systems – to highlight a specific area of risk for firms today: the prevention and detection of, and response to, growing cyber threats.
The SOC for Cybersecurity report includes three different components:
The need for advanced cybersecurity controls and, more broadly, a comprehensive risk management program, is one that should resonate with all businesses – regardless of size, location, structure or industry. SOC for Cybersecurity reports are considered ‘general use’ reports, and as such are not restricted to service organizations, but rather are designed to appeal to any business interested in demonstrating its cyber preparedness to relevant parties, including Boards of Directors, investors, business partners and regulators.
The practitioners at MFA are well-versed in assessing a firm’s internal controls and providing proactive guidance to combat growing security threats and mitigate both internal and external cyber risks. To learn more about our SOC for Cybersecurity examinations, please contact the MFA team today.
To learn more, download our System and Organization Controls (SOC) Reports.