O'Reilly logo

Guide: Reporting on an Entity's Cybersecurity Risk Management Program and Controls by American Institute of Certified Public Accountants

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Appendix B

Illustrative Comparison of the Cybersecurity Risk Management Examination with a SOC 2 Examination and Related Reports

This appendix is nonauthoritative and is included for informational purposes only.

The following table compares the cybersecurity risk management examination with a SOC 2 engagement and related reports. Within the Cybersecurity Risk Management Examination and the SOC 2 Engagement columns, certain text is set in bold to highlight key distinctions between the two types of engagement.,

 

Cybersecurity Risk Management Examination1

SOC 2 Engagement2,3

What is the purpose of the report?

To provide intended users with useful information about an entity’s cybersecurity risk management program for making informed decisions

To provide a broad range of system users with information about controls at the service organization relevant to security, availability, processing integrity, confidentiality, or privacy to support users’ evaluations of their own systems of internal control

Who are the intended users?

Management, directors, analysts, investors, and others whose decisions might be affected by the effectiveness of the entity’s cybersecurity risk management program

Management of the service organization and other specified parties with sufficient knowledge and understanding of the service organization and its system

Under what professional standards and implementation guidance is the engagement performed?

AT-C section 105, Concepts Common to All ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required