Information Security | United States (AICPA)
SOC for Cybersecurity — Cybersecurity Risk Management Examination
SOC for Cybersecurity, introduced by the AICPA in 2017, provides a framework for reporting on an organisation's cybersecurity risk management programme. Unlike SOC 2 (which focuses on service organisations), SOC for Cybersecurity is designed for any organisation to communicate about its cybersecurity efforts.
Domains
Trust Services Criteria — Confidentiality
Trust Services Criteria — Availability
Trust Services Criteria — Security
Description Criteria — Cybersecurity Controls
Description Criteria — Cybersecurity Risk Governance
Frequently Asked Questions
How many controls does SOC for Cybersecurity have?
SOC for Cybersecurity contains 16 controls organized across 6 domains.
Where does SOC for Cybersecurity apply?
SOC for Cybersecurity applies in the United States (AICPA). Organizations operating in or serving customers in this jurisdiction should evaluate its requirements.
What frameworks does SOC for Cybersecurity map to?
SOC for Cybersecurity has control-to-control mappings with 176 other compliance frameworks in our database. Use our compliance platform to explore these mappings interactively.
How do I get started with SOC for Cybersecurity compliance?
Start by understanding the framework's key controls and domains. Our compliance platform provides AI-powered gap analysis and mapping tools to help you assess your current posture and build a remediation plan.