Cybersecurity Framework “SOCs” It to Cyber Threats

Businesses are increasingly reliant on technology to achieve organizational objectives. However, with the convenience and efficiency of technology come intensifying risks of data loss and theft. High-profile data breaches top news headlines daily. Protecting your organization’s electronic assets from theft is a top priority.

Cybersecurity deficiencies can expose organizations to irreparable reputational damage. Evaluating your organization’s cybersecurity risks and controls is paramount. Until recently, however, there was not a unified framework that allowed organizations to communicate with stakeholders in a common and concise language about the extent and effectiveness of controls in place to mitigate cybersecurity risk.

To offer a solution to this issue, the AICPA developed a cybersecurity risk management reporting framework. The framework is an essential component of the System and Organization (SOC) for Cybersecurity engagement. This engagement allows certified public accountants (CPAs) to issue an opinion on the effectiveness of the organization’s cybersecurity controls and threat mitigation.

For those familiar with Service Organization Control reports already issued by CPAs, the fundamentals are the same: a qualified CPA reports on the accuracy of management’s description and evaluates the effectiveness of management’s controls over cybersecurity risk. The key difference, however, is that these reports are not limited to service organizations. In fact, the AICPA renamed the reporting method so that the “S” in SOC now stands for “System” instead of “Service.” This change broadens the scope of the report to cover any industry and organization that would find itself at risk from cyber threats.

An additional benefit of the cybersecurity risk management reporting framework is that it is flexible, yet consistent. This advantage allows the framework to seamlessly complement existing cybersecurity risk management frameworks. Management can encourage organizations to use the framework to evaluate their own programs and standardize assessment of their cybersecurity control environment. Once management has established a thorough system of controls to mitigate cybersecurity risk, a qualified CPA may attest to management’s control description, as well as the design and operating effectiveness of the controls.

CPAs can provide both advisory and attestation engagements related to cybersecurity frameworks. Advisory engagements are designed to help clients strengthen their cybersecurity control programs, while attestation engagements provide an opinion on the entity’s description and effectiveness of controls.

Lastly, organization stakeholders benefit from having their financial and reputational interests secured, thereby increasing confidence in an organization’s due diligence to proactively address and reduce risks from both external and internal cyber threats.

PYA has released a white paper that discusses the importance of the AICPA’s cybersecurity risk management framework and SOC for Cybersecurity in assessing the strength and effectiveness of cybersecurity risk management programs.  Download the white paper here.

If you would like more information about SOCs for cybersecurity, or would like to request a speaker for your organization or event, contact one of our PYA executives below at (800) 270-9629.


Barry Mathis

Principal

Mike Shamblin

Managing Principal of Audit & Assurance Services
