As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program — and there is no better way to validate your cybersecurity risk management program than with an independent validation.
The American Institute of CPAs (AICPA) recently released the new Cybersecurity Risk Program examination, responding to a changing marketplace where cybersecurity is top of mind for many accountants, and helping organizations looking for an independent evaluation of their cybersecurity risk program.
This new examination is part of the AICPA’s redefined SOC reports. SOC reports previously stood for Service Organization Controls; now the term stands for System and Organization Controls. SOC for Cybersecurity has been added to the SOC 1, SOC 2, and SOC 3 suite of SOC reports.
“The introduction of the SOC for Cybersecurity reporting framework is an exciting development in the area of security focused risk management,” said Dan Zangwill, chief security officer for Capital Confirmation, which provides an online audit confirmation platform.
“At a time of increased reliance on third parties in the supply chain of technology solutions, holistic cybersecurity strategies are essential to the protection of an organization's networks and data. SOC for Cybersecurity offers a structured approach to implementing security controls which are efficient, measurable, and most importantly, mitigate risk. An independent report examining the effectiveness of these controls will be invaluable for companies wishing to assert a strong security posture to the marketplace.”