Unlike a SOC 1 or SOC 2 examination, the SOC for Cybersecurity is designed to be a communication tool to drive executive-level conversations around cyber risk management. A successful SOC for Cybersecurity examination provides company leadership, board members, and investors with the confidence that your cyber security program is aligned with industry standards and equips them with the insight they need to make key business decisions. For these types of examinations, Focal Point pairs the experience of our CPA team with the expertise of our cyber security specialists to help you prepare for this assessment or to provide you with an insightful report that allows your organization to make smart cyber risk management decisions.
While the SOC for Cybersecurity and the SOC 2 examinations both have a focus on data security and privacy, these are two distinct reports. The scope of a SOC for Cybersecurity is your enterprise cyber security program, and the examination is based on the AICPA’s Description Criteria and either the AICPA Trust Services Criteria, NIST 800-53 framework, or ISO 27001. A SOC for Cybersecurity is an excellent tool for communicating with your executive team, informing your board, investors, and C-suite on the effectiveness of your program.
A SOC 2 focuses on specific IT-related controls and provides your customers and partners with assurance that the controls are suitably designed and/or operating effectively. Attestation for this report is based on the Trust Services Criteria and can be paired with the HITRUST CSF.
Preparing for a SOC for Cybersecurity examination is an excellent opportunity to evaluate the effectiveness of the processes, policies, controls, and technologies within your cyber security program. Focal Point’s cyber security experts specialize in industry frameworks like ISO 27001 and NIST 800-53 and will work with our experienced CPA team to help you prepare for this important examination. As part of our readiness services, we’ll help you identify gaps in compliance with these key frameworks and provide a roadmap to improve controls, develop new policies, and enhance your processes.
When you’re ready, Focal Point’s seasoned team of CPAs and cyber security professionals will perform an expert examination of your enterprise cyber security program, evaluating the relevance, objectivity, measurability, and completeness of the cyber security controls in place at your organization. The resulting report will clearly demonstrate to your organization’s leadership the effectiveness of your cyber security program and will guide them as they make decisions around cyber risk management.
Burke & Associates CPAs, LLP d/b/a Focal Point Data Risk Assurance (“Focal Point Assurance”) is a partner-owned, independent CPA firm licensed in Florida that performs audit, review and other attest services to clients in a variety of sectors. Focal Point Assurance operates in an alternative practice structure with Focal Point Data Risk, LLC, a professional services firm. Through separate and independent legal entities, Focal Point Assurance and Focal Point Data Risk, LLC work closely together to serve clients’ business needs. Focal Point Data Risk, LLC and its affiliated advisory companies are not licensed CPA firms. Focal Point Assurance and Focal Point Data Risk, LLC are member firms of Focal Point, an affiliation of separate and independent legal professional services firms. “Focal Point” is the brand name for the Focal Point network. Any services described herein are provided by Focal Point Assurance or Focal Point Data Risk, LLC (as the case may be) and not by any other member firm of Focal Point. No member firm of Focal Point has any liability for services provided by other member firms.