SOC for Cybersecurity Certificate

New York City, NY

Jun 25 - 26, 2018


SOC for Cybersecurity Certificate - NY

Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of organizations of all sizes—whether public or private. Organizations are under increasing pressure to demonstrate that they are managing threats, and that they have effective processes and controls in place to detect, respond to, mitigate and recover from cybersecurity events.

To meet this need, we have introduced SOC for Cybersecurity, a solution that builds upon the profession's experience in auditing system and organization controls. For clients whose cybersecurity risk management programs are mature, an independent CPA can perform an examination, in which the CPA expresses an opinion on the client's description of its cybersecurity risk management program and an opinion on the effectiveness of the controls within that program.

This certificate will enable you to understand how to perform SOC for Cybersecurity attestation examinations using the AICPA's new cybersecurity risk management reporting framework. Earn this certificate and be among the first to showcase your knowledge about the AICPA's profession-wide approach to cybersecurity.

The two-day live event covers:

Day One

  • Overview of SOC Suite of Services
  • Overview of a Cybersecurity Risk Management Program
  • Overview of Description Criteria
  • Overview of Control Criteria

Day Two

  • Accepting & Planning a Cybersecurity Examination
  • Performing a Cybersecurity Examination
  • Forming the Opinion & Preparing the Practitioner's Report

Upon completing the learning, you will be awarded a certificate in the form of a digital badge to be proudly displayed anywhere on the internet—a personal blog, a social network like LinkedIn, Facebook, Twitter, Mozilla Open Badges, a biographical page on a company website, or an online resume.

Learning Objectives:

This course will prepare you to understand:

  • The AICPA's Cybersecurity Risk Management reporting framework and how it may be used by organizations and practitioners to evaluate controls and communicate certain cybersecurity information to interested parties
  • The components of an organization's cybersecurity risk management program
  • The performance and reporting requirements of a SOC for Cybersecurity examination

Key Topics:

  • Cyberthreat landscape and the terminology used to describe various aspects of cybersecurity
  • Various SOC services
  • Components of a cybersecurity risk management program
  • How to use the description criteria
  • How to use the control criteria to assess an entity's controls over cybersecurity
  • Key considerations prior to accepting a cybersecurity examination engagement and key planning considerations
  • Key steps involved in performing the cybersecurity risk management examination
  • Key factors to consider while forming the opinion and preparing the practitioner's report

Who Will Benefit?

  • This is designed for public accounting practitioners who are interested in providing cybersecurity attestation services (SOC for Cybersecurity) and want to build their competencies in and understanding of this service. Practitioners must have the appropriate skills and competencies, including IT expertise or access to IT professionals who possess those skills, to perform a SOC for Cybersecurity Engagement. For that reason, participants are likely to come from firms that currently provide SOC for Service Organizations services and are looking to expand into cybersecurity attestation services.
  • CPAs in public accounting firms who are providing non-consulting and advisory services for clients of the firms (e.g. tax or A&A services) and need to be able to intelligently convey the value of a cybersecurity risk management program to their clients (to then hand off to the cybersecurity specialist within the firm).
  • Management accountants and internal auditors who want to understand how their organizations can use the description criteria and trust services criteria, which are part of the AICPA's cybersecurity risk management framework, to evaluate the effectiveness of controls within their cybersecurity risk management program and to communicate information about that program to interested parties. In addition, the course will help them understand the SOC for Cybersecurity examination services that a CPA can provide to organizations.

Learning for Trust Services Criteria and Description Criteria

The content within this certificate program references the trust services criteria and description criteria. If you need guidance and examples, then consider purchasing Walkthrough of the Trust Services Criteria and Walkthrough of the Description Criteria.


Free eBook with purchase!
Reporting on an Entity's Cybersecurity Risk Management Program and Controls - Attestation Guide is free ($89 value) and will automatically be added to your cart and My Account when you purchase this certificate. Created by the AICPA, this authoritative guide provides interpretive guidance to enable CPAs to examine and report on an entity's cybersecurity risk management program and controls within that program. The guide delivers a framework which has been designed to provide stakeholders with useful, credible information about the effectiveness of an entity's cybersecurity efforts.

Additional savings!

IMTA Section Members, CITP Credential Holders and CGMA Designation Holders qualify for an additional $100 off! When you log into this website with your AICPA member user account, the section/credential discount will be automatically applied during checkout.

PCPS Members save an additional $100. Log in here to obtain the discount code. If you are not a member, find out more about PCPS Membership benefits. Should you have any questions or encounter any issues, please contact the AICPA Service Center at 888-777-7077 or service@aicpa.org.

Speaker Bio

Thomas J. Gancarski, CIPP/E, CPA

Tom is a Senior Consultant at A-LIGN, a compliance, cyber risk & privacy, and cybersecurity firm, where he specializes in data privacy, risk management, and security compliance engagements relating to GDPR, Privacy Shield, and similar regulations. Prior roles include compliance and risk management positions at Deutsche Bank, HSBC and BNY Mellon. He also worked as an auditor at a regional consulting firm. Tom has spoken at cybersecurity events on multiple topics including governance and vendor risk management. Tom's interests include fraud investigations, board matters, business valuations, alternative dispute resolution, and expert testimony. He holds a JD and is licensed to practice law in Massachusetts. Tom is also a Certified Public Accountant (CPA), a Certified Information Privacy Professional/Europe (CIPP/E), and a Certified Information Systems Auditor (CISA).

Group Sales Savings

Create learning retreats for your team!

Register 5 or more participants and receive significant savings. For more information, contact your conference group sales representative, Corinne Alford at Corinne.Alford@aicpa-cima.com.

Travel & Accommodations


AICPA Boardroom
1211 Avenue of the Americas, 19th Floor
New York, NY 10036

Business Casual

Cancellation Policy

On-Site Conference: You may cancel without penalty if cancellation request is received up to and including 45 days prior to the start of the conference. Due to financial obligations incurred by the AICPA, a credit less 50% of the registration fee will be issued for requests received up to and including 21 days prior to the start of the conference. No refunds or credits will be issued on cancellation requests received less than 21 days prior to the start of the event.

Online Conference: You may cancel and receive a refund if cancellation request is received up to and including 15 days prior to the start of the conference. You can cancel and receive a 100% credit if your registration is canceled within 7 days of the start of the conference. Due to financial obligations incurred by the AICPA, a 60% credit will be issued for requests received up to the day prior to the start of the conference. No refunds or credits will be issued on cancellation requests received once the online conference begins.

For more information about AICPA's conference cancellation policy, contact the AICPA Service Center at 1-888-777-7077 or service@aicpa.org.

Online Conference System Requirements

Attending Online is easy! Check the System Requirements below and install Adobe Flash if you haven't already, then visit this demo page once you're ready to check for compatibility.

NOTE: For sessions that are audio-only, you use the same player and have the same experience as on the above demo page, but there will be a static image in place of the video stream.

  • Adobe Flash plugin (Click on link to install) http://get.adobe.com/flashplayer/
  • Supported Browsers: Internet Explorer 8 or Higher, Firefox, Chrome, Safari
  • Computer with Speakers / Headset
  • High speed internet connection