In response to the increase in cyber threats, the American Institute of CPAs (AICPA) has issued the Cybersecurity Risk Management Reporting Framework, a flexible and voluntary framework for organizations in any industry to take a proactive approach to cybersecurity risk management.
The framework gives both auditors and organizations a common, broadly applicable basis for reporting on the controls an entity has in place to prevent data breaches and other cyber attacks.
About SOC for Cybersecurity
The framework is intended for two audiences: management, which uses it to design and describe its cybersecurity risk management program, and public accounting firms, which use it to report on management’s description. It is a key component of the new SOC for Cybersecurity engagement. One benefit of the framework is its flexibility: it allows organizations to use control criteria other than the Trust Services Criteria, so frameworks such as the NIST Cybersecurity Framework (the Framework for Improving Critical Infrastructure Cybersecurity) or ISO/IEC 27001/27002 can serve as the control criteria, provided they are appropriate for the engagement under the AICPA’s attestation standards.
The cybersecurity report will include:
- Management’s description – The description of the entity’s cybersecurity risk management program.
- Management’s assertion – Management’s assertion that the description is presented in accordance with the description criteria and that the controls in place were effective in achieving the cybersecurity criteria.
- Practitioner’s opinion – A CPA firm’s opinion on the description and effectiveness of controls in place to achieve the cybersecurity criteria.
A-LIGN will offer the following reporting options:
- SOC for Cybersecurity Readiness Assessment: A-LIGN conducts a Readiness Assessment to confirm that your organization is prepared for the SOC for Cybersecurity engagement and has embedded the Cybersecurity Risk Management Framework within the organization before the formal assessment begins.
- SOC for Cybersecurity Assessment: A-LIGN’s assessors will assess management’s description and assertion, as well as the controls designed to achieve the control objectives set within the cybersecurity criteria.
The cybersecurity risk management program objectives that can be assessed are:
- Integrity of Data
- Integrity of Processing
SOC for Cybersecurity Solutions Tailored to Your Company
Choosing A-LIGN as your partner in utilizing the Cybersecurity Risk Management Reporting Framework benefits your organization by:
- Providing a common framework to effectively communicate information regarding your organization’s cybersecurity risk management posture.
- Developing a competitive advantage over similar companies that are not using a trusted cyber risk management framework.
- Providing your customers with assurance that your organization is taking appropriate steps to protect information from data breaches and other cyber attacks.
The A-LIGN Edge
Our customized compliance solutions and streamlined audit process allow you to meet all of your audit and compliance needs with a single service provider. Working with one team that understands the unique needs of your organization means a simpler, less stressful audit process for you.