The AICPA Cybersecurity Working Group introduced a new type of cybersecurity examination report in 2017, known as SOC (System and Organization Control) for Cybersecurity. These reports are intended to provide a consistent approach for evaluating and reporting on an entity’s cybersecurity risk management program, and to give management a consistent way to describe that program. Additionally, the flexibility of the reports allows management to use any recognized security framework as a baseline, while enabling a CPA to provide independent assurance on the effectiveness of the program’s design.
In this podcast from the Institute of Internal Audit meeting in Knoxville, LBMC Information Security’s Bill Dean and Drew Hendrickson discuss SOC for Cybersecurity reports: what organizations and IT professionals should know about this new report, and how it could help their organizations.
Listen, and discover these key takeaways:
- A brief introduction to SOC for Cybersecurity
- Elements found within a SOC for Cybersecurity report
- The role of CPA firms in cybersecurity
- Differences in SOC 2 versus SOC for Cybersecurity
- An explanation of who needs SOC for Cybersecurity