SOC for Cybersecurity Certificate (SOCCC)


Course Overview

AICPA Members, use promo code AICPAFL300 to receive $300 off the event price.

Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of organizations of all sizes—whether public or private. Organizations are under increasing pressure to demonstrate that they are managing threats, and that they have effective processes and controls in place to detect, respond to, mitigate and recover from cybersecurity events.

To meet this need, we have introduced SOC for Cybersecurity, a solution that builds upon the profession's experience in auditing system and organization controls. For clients whose cybersecurity risk management programs are mature, an independent CPA can perform an examination, in which the CPA expresses an opinion on the client's description of its cybersecurity risk management program and an opinion on the effectiveness of the controls within that program.

This certificate will enable you to understand how to perform SOC for Cybersecurity attestation examinations using the AICPA's new cybersecurity risk management reporting framework. Earn this certificate and be among the first to showcase your knowledge about the AICPA's profession-wide approach to cybersecurity.

The two-day live event covers:

Day One

  • Overview of SOC Suite of Services
  • Overview of a Cybersecurity Risk Management Program
  • Overview of Description Criteria
  • Overview of Control Criteria

Day Two

  • Accepting & Planning a Cybersecurity Examination
  • Performing a Cybersecurity Examination
  • Forming the Opinion & Preparing the Practitioner's Report

This live event is also offered as a webcast or as online self-study through the AICPA.

Instructional delivery method: Live
Recommended CPE credit: 20
Recommended field of study: Auditing
Prerequisites: Familiarity with the cybersecurity description criteria and the trust services criteria
Program level: Intermediate
Advance preparation: None – but please note that the content within this certificate program references the trust services criteria and description criteria. If you need guidance and examples, then consider purchasing Walkthrough of the Trust Services Criteria and Walkthrough of the Description Criteria.
Digital Badge: Upon completing the learning, you will be awarded a certificate in the form of a digital badge to be proudly displayed anywhere on the internet—a personal blog, a social network like LinkedIn, Facebook, Twitter, Mozilla Open Badges, a biographical page on a company website, or an online resume.

Who should attend

Who Will Benefit?

  • This course is designed for public accounting practitioners who are interested in providing cybersecurity attestation services (SOC for Cybersecurity) and want to build their competencies in and understanding of this service. Practitioners must have the appropriate skills and competencies, including IT expertise or access to IT professionals who possess those skills, to perform a SOC for Cybersecurity engagement. For that reason, participants are likely to come from firms that currently provide SOC for Service Organizations services and are looking to expand into cybersecurity attestation services.
  • CPAs in public accounting firms who are providing non-consulting and advisory services for clients of the firms (e.g. tax or A&A services) and need to be able to intelligently convey the value of a cybersecurity risk management program to their clients (to then hand off to the cybersecurity specialist within the firm).
  • Management accountants and internal auditors who want to understand how their organizations can use the description criteria and trust services criteria, which are part of the AICPA's cybersecurity risk management framework, to evaluate the effectiveness of controls within their cybersecurity risk management program and to communicate information about that program to interested parties. In addition, the course will help them understand the SOC for Cybersecurity examination services that a CPA can provide to organizations.

Course Objectives

This course will prepare you to understand:

  • The AICPA's Cybersecurity Risk Management reporting framework and how it may be used by organizations and practitioners to evaluate controls and communicate certain cybersecurity information to interested parties
  • The components of an organization's cybersecurity risk management program
  • The performance and reporting requirements of a SOC for Cybersecurity examination

Outline: SOC for Cybersecurity Certificate (SOCCC)

Key Topics:

  • Cyberthreat landscape and the terminology used to describe various aspects of cybersecurity
  • Various SOC services
  • Components of a cybersecurity risk management program
  • How to use the description criteria
  • How to use the control criteria to assess an entity's controls over cybersecurity
  • Key considerations prior to accepting a cybersecurity examination engagement and key planning considerations
  • Key steps involved in performing the cybersecurity risk management examination
  • Key factors to consider while forming the opinion and preparing the practitioner's report
Classroom Training
Modality: C

Duration 2 days

  • United States: US$ 2,025
Online Training
Modality: L

Duration 2 days

  • United States: US$ 2,025
This is an Instructor-Led Classroom course
This is an Instructor-Led Online (ILO) course. These sessions are conducted via WebEx in a VoIP environment and require an Internet Connection and headset with microphone connected to your computer or laptop.
This is a FLEX course, which is delivered simultaneously in two modalities. Choose to attend the Instructor-Led Online (ILO) virtual session or Instructor-Led Classroom (ILT) session.
United States
Dec 13-14, 2018 Online Training 09:00 US/Eastern
Dec 13-14, 2018 Denver, CO 09:00 US/Mountain
Dec 20-21, 2018 Seattle, WA 09:00 US/Pacific
Dec 20-21, 2018 Atlanta, GA 09:00 US/Eastern
Jan 10-11, 2019 Online Training 09:00 US/Central
Jan 17-18, 2019 Chicago, IL 09:00 US/Central
Jan 24-25, 2019 Herndon/Reston, VA 09:00 US/Eastern
Jan 31-Feb 1, 2019 Online Training 09:00 US/Pacific
Feb 7-8, 2019 Charlotte, NC 09:00 US/Eastern
Feb 14-15, 2019 Dallas, TX 09:00 US/Central