Reporting on an Entity's Cybersecurity Risk Management Program and Controls
Examining an entity’s cybersecurity risk management program and its controls, or just performing a readiness engagement? Look to this authoritative guide for interpretive guidance.
Format: E-book
Availability: Lifetime
Product Number: AAGCYB24E
Publication Date: 2024
This guide is also available in a print edition.
In collaboration with Mimeo, this guide is available via print-on-demand. You’ll be redirected to the Mimeo website to complete your transaction. If you have questions about the Mimeo website or your order, email help@marketplace.mimeo.com or call (901) 566-8900.
To purchase the online subscription of this guide, go here.
The stakes have never been higher in cybersecurity.
This guide assists CPAs engaged to examine and report on an entity’s cybersecurity risk management program (SOC for Cybersecurity). It also contains information that can assist management in understanding its responsibilities with respect to the engagement.
Help build trust and transparency for stakeholders with our cybersecurity risk management reporting framework.
This authoritative guide shows you how to implement this framework in accordance with the attestation standards using two distinct but complementary sets of criteria:
- Description Criteria for Management’s Description of an Entity’s Cybersecurity Risk Management Reporting Program. Used by management to provide transparency regarding its cybersecurity risk management program and used by CPAs to report on management’s description.
- 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy (With Revised Points of Focus — 2022). Used by management to evaluate the effectiveness of controls and used by CPAs to evaluate and report on the effectiveness of controls.
This edition of the guide includes updates from SSAE No. 20, Amendments to the Description of the Concept of Materiality, and SSAE No. 21, Direct Examination Engagements.
Key Topics
- Interpretive guidance on performing and reporting on the cybersecurity risk management examination
- Illustrative examples of the three components of a cybersecurity risk management examination report: management’s description, management’s assertion, and the practitioner’s report
Who Will Benefit
- CPAs looking to support clients' cybersecurity efforts
- CPAs engaged to perform SOC for Cybersecurity examinations
- Management of an entity looking to issue a SOC for Cybersecurity report
Group ordering for your team
2 to 5 registrants: Save time with our group order form. We’ll send a consolidated invoice to keep your learning expenses organized.
6+ registrants: We can help with group discounts. Email client.support@aicpa-cima.com
US customers call 1-800-634-6780 (option 1)