
Reporting on an entity’s cybersecurity risk management program

Learn about the new reasonable assurance engagement that practitioners can perform on an entity’s cybersecurity risk management program using the System and Organization Controls (SOC) for Cybersecurity assurance engagement.

In an increasingly complex and digital business environment, the stakes have never been higher in cybersecurity.

Learn how to protect your organization with the SOC for Cybersecurity Guide, a non-authoritative resource that has been adapted by CPA Canada from the AICPA version to meet Canadian standards. It is intended for practitioners who are engaged to report on an entity’s cybersecurity risk management program and controls.

This guide includes two distinct but complementary sets of description and control criteria you can use in cybersecurity risk management or readiness engagements.

Topics include:

  • non-authoritative guidance on performing and reporting on the new cybersecurity risk management engagement
  • description criteria issued in April 2017 by the AICPA's Assurance Services Executive Committee (ASEC)
  • the 2017 trust services criteria issued in April 2017 by ASEC
  • illustrative cybersecurity risk management reports, including illustrative independent assurance reports