SOC FOR CYBERSECURITY

Is your organization prepared for a cybersecurity attack? Boards of directors, senior management, and other stakeholders are requesting more information than ever before about organizations’ cybersecurity risk management programs.

Using the AICPA’s SOC for Cybersecurity framework, Kompleye can provide assurance over the effectiveness of controls within your organization’s cybersecurity risk management program, helping build trust and transparency for customers, investors, and leadership.

Kompleye deploys multidisciplinary teams composed of licensed CPAs and information technology and security specialists to ensure a comprehensive and thorough evaluation of your cybersecurity risk management program and its effectiveness in meeting your organization’s cybersecurity objective.

What the AICPA says 

The SOC for Cybersecurity examination provides an independent, entity-wide assessment of your organization’s cybersecurity risk management program.

• Appropriate for businesses, not-for-profits, and virtually any other type of organization
• Helps reduce uncertainty and build resilient organizations by evaluating the effectiveness of existing cybersecurity processes and controls
• Permits flexibility by not constraining management to a particular security management framework or control framework
• Results in a general use report on whether: – The description of an entity’s cybersecurity risk management program is presented in accordance with description criteria and – The controls within that program were effective in achieving the entity’s cybersecurity objectivesThe education, experience and expertise of CPAs position them as the premier providers of SOC for Cybersecurity services.Knowledge of relevant IT systems and technology, including mainframes, networking, firewalls, network management systems, security protocols and operating systems

Understanding of IT processes and controls — such as management of operating systems, networking and virtualization software and related security techniques; security principles and concepts; software development; and incident management and information risk management experience with common cybersecurity publications and frameworks (NIST CSF, ISO 27001/27002, 2013 COSO Internal Control-Integrated Framework, COBIT 5, etc.)Expertise in evaluating processes, control effectiveness and providing advisory services relating to these matters

Multidisciplinary teams that incorporate certified information security professionals such as Certified Information Systems Security Professionals (CISSP), Certified Information Systems Auditors (CISA), and Certified Information Technology Professionals (CITP®)

Proficiency in measuring performance against established criteria, applying appropriate procedures for evaluating against those criteria, and reporting results

Strict adherence to service-specific professional standards, professional code of conduct, and quality control requirements

Holistic understanding of the entity’s industry and business, including whether the industry in which the entity operates is subject to specific types of or unusual cybersecurity risks and uses specific industry technology systems

• Objectivity, credibility and integrity
• Independence, professional skepticism, and commitment to quality
• Strong analytical skills International perspective for global organizations