SOC, Meet Cybersecurity
As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program — and there is no better way to validate your cybersecurity risk management program than with an independent validation.
The American Institute of CPAs (AICPA) recently released the new Cybersecurity Risk Program examination, responding to a changing marketplace where cybersecurity is top of mind for many accountants, and helping organizations looking for an independent evaluation of their cybersecurity risk program.
This new examination is part of the AICPA’s redefined SOC reports. SOC reports previously stood for Service Organization Controls; now the term stands for System and Organization Controls. SOC for Cybersecurity has been added to the SOC 1, SOC 2, and SOC 3 suite of SOC reports.
“The introduction of the SOC for Cybersecurity reporting framework is an exciting development in the area of security focused risk management,” said Dan Zangwill, chief security officer for Capital Confirmation, which provides an online audit confirmation platform.
“At a time of increased reliance on third parties in the supply chain of technology solutions, holistic cybersecurity strategies are essential to the protection of an organization's networks and data. SOC for Cybersecurity offers a structured approach to implementing security controls which are efficient, measurable, and most importantly, mitigate risk. An independent report examining the effectiveness of these controls will be invaluable for companies wishing to assert a strong security posture to the marketplace.”
About DEBBIE ZALLER
Debbie Zaller is Chief Operating Officer at Schellman. Debbie is responsible for maintaining and driving operational results and executing the firm's strategic goals. Debbie oversees all daily operations of the firm while spearheading the development, communication and implementation of effective growth strategies and processes. Debbie has over 21 years of IT compliance and attestation experience. Debbie led the firm's Midwest, Southeast, and Northeast regions along with the national service lines of SOC 2 and Privacy service lines as Managing Principal before assuming the position of COO in 2021. Debbie holds a Master of Accounting degree from the University of Florida. She is a Certified Public Accountant, Certified Information Privacy Professional/United States, Certified Data Privacy Solutions Engineer, Certified Information Systems Security Professional, Certified Information Systems Auditor, and Certified Cloud Security Knowledge. She is currently an AICPA-approved and nationally listed SOC Specialist and speaker on various privacy topics. Debbie was on the AICPA Task Force for the Advanced SOC for Certification Exam, was a member of the Florida Institute of Certified Public Accountants Board of Governors and served on the Finance and Office Advisory Committee.