WithumSmith+Brown System and Organization Controls (SOC) Team Authors and Presents Inaugural AICPA SOC for Cybersecurity Certification
When the AICPA hosted its flagship System and Organization Controls (SOC) for Cybersecurity Certification course this past week, members of WithumSmith+Brown, PC’s SOC for Cybersecurity Services Groups served as lead instructors for the curriculum. This first-of-its-kind program was also authored by professionals from the advisory, tax and audit firm. In total, seven Withum professionals are also among the first CPAs nationwide to earn the AICPA’s SOC for Cybersecurity digital badge.
A market-driven, flexible and voluntary reporting framework, SOC helps organizations communicate their cybersecurity risk management program initiatives as well as the effectiveness of their controls.
Withum’s certified SOC for Cybersecurity team members include Tony Chapman, partner and SOC practice leader; Anurag Sharma, principal; Scott Mahoney, senior manager; Jim Bourke, partner, director of advisory practice; Stephanie Fitzgerald, SOC senior manager; Anupam Goradia, SOC senior manager; and Andrea Fernandez, SOC staff auditor. These certifications have earned Withum the distinction of having more SOC specialists authorized by the AICPA to perform peer reviews on SOC engagements than any other CPA firm nationwide.
“As a leader in SOC and cybersecurity and information security services, Withum has once again distinguished itself – this time as it relates to the new cybersecurity risk management reporting framework,” said Chapman. “Our firm is among the first and has the highest concentration of fully designated SOC professionals authorized to provide peer reviews.”
The AICPA has retained Withum to write, present live and record on-demand viewings of the first SOC for Cybersecurity Certificate training course for SOC professionals. Three of Withum’s professionals, Chapman, Sharma, and Mahoney, served as course authors and presenters. Topics addressed in the AICPA-sponsored course offer an overview of the cyber threat landscape and terminology, various SOC services, components of a cybersecurity risk management program, utilization of criteria to assess an entity’s controls, key steps for performing the cyber risk-management examination and factors to consider while forming the opinion and preparing the practitioner’s report.
SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to report credibly on their cybersecurity management programs to internal and external stakeholders. For clients whose cybersecurity risk management programs are mature, an independent third-party firm can perform a comprehensive examination to assess those programs.