Organizations are under increased pressure to demonstrate that they are managing cybersecurity threats, and that they have effective processes and controls in place to detect, respond to, mitigate and recover from breaches and other security events. With these threats in mind, the AICPA has developed a new System and Organization Controls (“SOC”) for Cybersecurity engagement. This report uses their cybersecurity risk management reporting framework to assist companies as they communicate relevant and useful information about the effectiveness of their cybersecurity risk management programs.
We will discuss the SOC for Cybersecurity report plus how it relates to SOC 2 reports and the recent SSAE 18 changes.