Survey Says: One-third of Executives Focused on SOC for Cybersecurity
Numerous new regulations are putting the onus on businesses like yours to protect stakeholders, including clients, vendors and investors, from potential cyberattacks on your organization. Now there is a standardized set of controls companies can follow to help create a common language for cybersecurity, and executives throughout the United States are taking notice.
A poll released by Deloitte last June said about one-third of executives plan to adopt the American Institute of Certified Public Accountants (AICPA) System and Organization Controls (SOC) for Cybersecurity framework. About 19 percent of those executives plan to do so within the next year.
The AICPA SOC for Cybersecurity attestation framework was finalized in April 2017 and serves as a voluntary, market-driven solution intended to provide companies with a common-language reporting mechanism to communicate with key stakeholders on how they’re managing cybersecurity risk. Improving visibility for stakeholders, including boards and audit committees, regulators, customers, business partners, and investors, is an underlying tenet of the framework.
Boards that want a robust assurance reporting process, one that lets them effectively challenge management’s assertions about the effectiveness of the company-wide cybersecurity risk management program, can leverage AICPA’s SOC for Cybersecurity reporting framework. Before implementing the AICPA SOC for Cybersecurity framework, your business should consider a readiness assessment that includes these activities:
- Perform a risk assessment to identify the most critical assets and update existing IT risk and control catalogs;
- Define the company’s cyber risk management program and conduct an IT risk and controls assessment for critical assets and underlying infrastructure;
- Conduct a gap analysis of identified control deficiencies;
- Develop a remediation roadmap with prioritized activities and defined due dates;
- Execute remediation activities to address the control deficiencies identified.
If this seems overwhelming, hiring an IT consultant like 2W Tech can help your organization wade through the maze that is the AICPA SOC. Contact us today to assist you in getting a handle on your cybersecurity protection. 2W Tech is a full-service IT Consulting firm that specializes in Security solutions.