AICPA’s  cybersecurity risk management reporting framework helps organisations communicate about and CPAs report on cybersecurity risk management programs.  

Break down of requirements

5 broad categories, 12 sections, 61 subsections, 296 criteria

Best suited for

For businesses who need to provide third parties with a independent audit report that has evaluated the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

Can a business be certified or assessed against this standard?

Yes, authorised auditors can audit an organisation against this standard using the AICPA  Attestation Guide Reporting on an Entity’s Cybersecurity Risk Management  Program and Controls

Who can assess or audit a business against this standard?

Independent CPAs under AT-C section 105, Concepts Common to All Attestation Engagements, and AT-C section 205, Examination Engagements (AICPA, Professional Standards)

Governed by

American Institute of Certified Public Accountants, Inc. (AICPA)

Region focus


How Assuredly can help you align to this standard or framework?

By conducting an Assuredly SOC2 Assessment companies can instantly access maturity scores against every requirement set out by this standard and get automated suggested action plans and access to abroad range of tools and templates to uplift controls required to achieve their certification.

Discover the exceptional world of Assuredly - your ultimate platform for achieving unparalleled business excellence! We offer an exclusive guided process designed to seamlessly assess your business against the coveted SOC2 requirements. Experience a personalised journey with expert assistance at every step, empowering you to access invaluable information on control requirements, testing procedures, and even the precise evidence auditors seek. With just a click, witness the magic unfold as outcomes are instantly showcased on a dynamic dashboard. But that's not all – brace yourself for the added advantage of creating meticulously detailed reports, effortlessly aligning findings to risks and controls. Elevate your security standards and join the Assuredly revolution today! Sign up now for a secure future!

Book a free demonstration or talk to one of our team today to uncover how we can help ensure you align to standards while also understanding your risks and knowing what action to take to keep your business secure.