The AICPA has issued the Cybersecurity Risk Management Reporting Framework as a flexible framework for organizations to take a proactive approach to cybersecurity risk management. This framework is intended for management to use to design and describe its cybersecurity risk management program and is a key component of the new SOC for Cybersecurity engagement.
The SOC for Cybersecurity report will include:
- Management’s description – The description of the entity’s cybersecurity risk management program.
- Management’s assertion – Management provides the assertion regarding the presentation and effectiveness of the controls in place to achieve the cybersecurity criteria.
- Practitioner’s opinion – A CPA firm’s opinion on the description and effectiveness of controls in place to achieve the cybersecurity criteria.
A-LIGN can assist your organization by providing the following reporting options:
- SOC for Cybersecurity Readiness Assessment: A-LIGN can ensure your organization is ready for the assessment by conducting a Readiness Assessment. This helps organizations ensure that they are prepared for the SOC for Cybersecurity engagement by instilling the Cybersecurity Risk Management Framework within their organization.
- SOC for Cybersecurity Assessment: A-LIGN’s assessors will assess management’s description and assertion, as well as the controls designed to achieve the control objectives set within the cybersecurity criteria.
Why Choose A-LIGN?
- A-LIGN can help you provide your stakeholders with a consistent framework to effectively communicate how you are managing cybersecurity risk.
- As a licensed CPA firm that offers both audit and security assessments, A-LIGN can be a resource to your organization as you navigate the cybersecurity risk and compliance landscape.
- Our customer service is unparalleled in our industry. A-LIGN will be with your company every step of the way, making for a smooth and stress-free audit process.
Let us answer your questions about the SOC for Cybersecurity engagement and the Cybersecurity Risk Management Reporting Framework that it encompasses.