Cybersecurity threats are ever-evolving. The AICPA has introduced SOC for Cybersecurity, which enables CPAs to examine and report on an organization’s cybersecurity risk management program. SOC for Cybersecurity is a cybersecurity risk management reporting framework that enables all organizations in all industries throughout the world to take a proactive approach to cybersecurity risk management and to communicate the effectiveness and extent of the cybersecurity controls they have in place. During this presentation, we will introduce the SOC for Cybersecurity engagement, including which organizations should consider pursuing a SOC for Cybersecurity and how this engagement differs from a SOC 2 examination.
After completing this session, learners will understand:
- What a SOC for Cybersecurity is
- Which organizations should consider a SOC for Cybersecurity
- What the examination reviews
- What is included in the report and who the intended users are
- How an organization determines the description and control criteria for the examination
- How it differs from a SOC 2
Lauren Edmonds is a Principal at Schellman & Company with more than 15 years of audit and compliance experience. Lauren maintains the CISSP, CISA, CCSK, and Advanced SOC for Service Organizations certifications, PCI QSA designation, and is trained as a lead auditor for ISO 27001, ISO 9001, ISO 20000-1 and ISO 22301 Standards.

Danny Manimbo is a Senior Manager at Schellman & Company with more than eight years of audit and compliance experience. Danny maintains the CPA, CISSP, CISA, CIA, and Advanced SOC for Service Organizations certifications and is trained as a lead auditor for ISO 27001, ISO 9001, and ISO 22301 Standards.