SOC, Meet Cybersecurity

June 21, 2017 Debbie Zaller

As global cyberattacks become more common, organizations are fine-tuning, or even implementing, a cybersecurity risk management program, and there is no better way to validate your cybersecurity risk management program than with an independent validation.

The American Institute of CPAs (AICPA) recently released the new Cybersecurity Risk Program examination, responding to a changing marketplace where cybersecurity is top of mind for many accountants, and helping organizations looking for an independent evaluation of their cybersecurity risk program.

This new examination is part of the AICPA’s redefined SOC reports. SOC reports previously stood for Service Organization Controls; now the term stands for System and Organization Controls. SOC for Cybersecurity has been added to the SOC 1, SOC 2, and SOC 3 suite of SOC reports.

“The introduction of the SOC for Cybersecurity reporting framework is an exciting development in the area of security focused risk management,” said Dan Zangwill, chief security officer for Capital Confirmation, which provides an online audit confirmation platform.

“At a time of increased reliance on third parties in the supply chain of technology solutions, holistic cybersecurity strategies are essential to the protection of an organization's networks and data. SOC for Cybersecurity offers a structured approach to implementing security controls which are efficient, measurable, and most importantly, mitigate risk. An independent report examining the effectiveness of these controls will be invaluable for companies wishing to assert a strong security posture to the marketplace.”

Read the full article on Accounting Today's website

About the Author

Debbie Zaller is a Principal at Schellman & Company, LLC. Debbie leads the SOC 2 and SOC 3 service line and is also an AICPA SOC Specialist. Debbie has over 15 years of IT attestation experience and currently spearheads Schellman’s SOC 2 practice, where she is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee.
