CPE Self-Study
SOC for Cybersecurity Certificate Program
Online: 30.0, 14.5
Help your clients navigate threats as a trusted business adviser for their cybersecurity risk management programs. Learn how with this self-paced CPE certificate program

Log in to your AICPA Store account for your member discounts

Double the learning for big savings

Buy this certificate program on its own, or pair it with the Cybersecurity Advisory Services Certificate Program. Save up to $700 when you select the Online (Bundle, 2018) option above.

CPE On-Demand
AICPA’s online CPE courses will operate in a variety of configurations, but only the configuration described below is supported by our technicians.

A stable and continuous internet connection is required
In order to record your completion of the online learning courses, please ensure you are connected to the internet at all times while taking the course. It is your responsibility to validate that CPE certificate(s) are available within your My Account after successfully completing the course and/or exam. Please contact us at 1.888.777.7077 or service@aicpa.org with any questions or concerns related to your CPE certificate(s).

Supported Operating Systems:

  • Macintosh OS X 10.10 to present
  • Windows 7 to present

Supported Browsers:

  • Apple Safari
  • Google Chrome
  • Microsoft Internet Explorer
  • Mozilla Firefox

Required Browser Plug-ins:

Note: Your course will be accessible immediately after completing your purchase. Access instructions will be shown on the Order Confirmation Screen and included in your Order Confirmation Email, or click My Account at the top of the page, select My Purchases and then My Online Learning tab.

Technical Support: Please contact service@aicpa.org or use the Contact Us Form.

Accessibility: The Association of International Certified Professional Accountants (Association) is dedicated to removing barriers to the accountancy profession and ensuring that all accountancy professionals and other members of the public with an interest in the profession or joining the profession, including those with disabilities, have access to the profession and the Association’s website, educational materials, products, and services.  The Association is committed to making professional learning accessible to all.  This commitment is maintained in accordance with applicable law.  For additional information, please refer to the Association’s Website Accessibility Policy.

If this symbol is displayed under Delivery Type on the product page, this product offers closed captioning.

For accommodation requests, please contact adaaccessibility@aicpa-cima.com and indicate the product that you are interested in (title, etc.) and the requested accommodation(s): Audio/Visual/Other. A member of our team will be in contact with you promptly to make sure we meet your needs appropriately.

Product details

The state of cyber-threats and the measures against them

Who Will Benefit?

Note: You must have either IT expertise or access to IT professionals who possess the skills to perform this work.

  • Public accounting practitioners interested in providing cybersecurity attestation services (SOC for Cybersecurity) and in building competencies in and understanding of this service
  • Professionals who already have SOC for Service Organizations practices and are looking to expand into cybersecurity attestation services
  • Management accountants and internal auditors who want to understand the SOC for Cybersecurity examination service available to their organizations related to their cybersecurity risk management program

Key Topics

  • Cyberthreat landscape and the terminology used to describe various aspects of cybersecurity
  • Various SOC services
  • Components of cybersecurity risk management program
  • How to use the description criteria
  • How to use the control criteria to assess an entity's controls over cybersecurity
  • Key considerations prior to accepting a cybersecurity examination engagement and key planning considerations
  • Key steps involved in performing the cybersecurity risk management examination
  • Key factors to consider while forming the opinion and preparing the practitioner's report

Learning Objectives

  • Understand the AICPA's Cybersecurity Risk Management reporting framework and how IT organizations and practitioners may use it to evaluate controls and communicate certain cybersecurity information to interested parties.
  • Analyze the components of an organization's cybersecurity risk management program.
  • Recognize the performance and reporting requirements of a SOC for Cybersecurity examination.

Cybersecurity threats are escalating, unnerving the boards of directors, managers, investors and other stakeholders of organizations of all sizes – whether public or private.

The result? Your clients are under pressure to demonstrate that they are managing threats. And that they have effective processes and controls in place to detect, respond to, mitigate and recover from cybersecurity events.

The framework for cybersecurity attestation

SOC for Cybersecurity meets a growing business need for attestation. It's a solution that builds upon the accounting profession's experience in auditing system and organization controls.

For clients whose cybersecurity risk management programs are mature, an independent CPA can perform an examination and express an expert opinion:

  • Is the program accurately described?
  • Are the controls effective?

Your opportunity as a cybersecurity adviser

This self-study certificate helps you understand how to perform SOC for Cybersecurity attestation examinations using the AICPA's new cybersecurity risk management reporting framework.

As a certificate recipient, you'll be among the first to showcase your knowledge about the AICPA's profession-wide approach to cybersecurity.

Our family of tech-specific certificates

Get the bigger story on cybersecurity, plus other certificates for accountants and finance professionals.

Background on the trust services criteria and description criteria

The content within these certificate programs refer to the trust services criteria and description criteria.

For guidance and examples, look to the Walkthrough of the Trust Services Criteria and Walkthrough of the Description Criteria.

Free eBook with purchase

Reporting on an Entity's Cybersecurity Risk Management Program and Controls - Attestation Guide is included (an $89 value) and will automatically be added to your cart when you purchase this certificate.

Created by the AICPA, this authoritative guide provides interpretive guidance to enable CPAs to examine and report on an entity's cybersecurity risk management program and controls within that program.

The guide delivers a framework designed to provide stakeholders with useful, credible information about the effectiveness of an entity's cybersecurity efforts.

Digital badges: Your professional distinction

After you complete the three-part webcast series, you will be awarded a certificate in the form of a digital badge.

Proudly display it anywhere on the internet – a personal blog, a social site such as LinkedIn, Facebook or Twitter, Open Badges, a bio page on a company website or your email signature.

Ratings and reviews

Tony Chapman, CPA, CITP

Tony is a partner and the leader of Withum's System and Organization Controls (SOC) Practice. He has more than 25 years of experience and is one of our Firm's leading internal control assessment specialists. Tony is among the small group of professionals in the United States designated as a SOC 1® and SOC 2® specialist by the Oversight Task Force of the AICPA Peer Review Board. He is also a Certified Information Technology Professional (CITP). Tony concentrates his practice in the areas of System and Organization Controls consulting and auditing. He has extensive experience within a variety of industries including finance and banking, technology, unified communications, third party administration, healthcare and government programs on international, national and regional levels, and he has developed extensive expertise in assessing internal accounting control design and effectiveness. He has presented the first SOC for Cyber Certification Course for the AICPA.

A graduate of the Luben School of Business of Pace University, Tony became a partner in the firm in 1994. He is a member of the American Institute of Certified Public Accountants (AICPA) and is licensed in the states of New York and New Jersey.

Anurag Sharma, CISA, CRISC, CISSP

Anurag is a Principal of the Firm's Cybersecurity practice and System and Organization Controls (SOC) practice based out of our Princeton, NJ office. Anurag is a Certified Information Systems Auditor (CISA), Certified Information Systems Security Professional (CISSP), and Certified in Risk and Information Systems Controls (CRISC). He is also designated as a SOC 1® and SOC 2® specialist by the Oversight Task Force of the AICPA Peer Review Board. He developed and presented the first SOC for Cyber Certification Course for the AICPA.

Anurag has over 19 years of experience and is one of Withum's leading Cybersecurity specialists. His areas of expertise include Cybersecurity Assessments (NIST Cybersecurity Framework), SOC Suite of Services (SOC 1, SOC 2 and SOC for Cybersecurity), Corporate Governance, Sarbanes-Oxley Section 404 compliance and ISO/IEC 27001 Consulting.

Anurag has contributed a number of articles on IT audits focused on the small and medium businesses (SMB) and is a regular speaker on Cybersecurity and SOC related topics at PICPA, NJCPA, CTCPA and Withum's client seminars.

He is a graduate of Symbiosis Center for Management & Human Resource Development (India), where he received his Master of Business Administration degree in Information Systems. Anurag is a member of Information Systems Audit and Control Association (ISACA) and International Information systems Security Certification Consortium (ISC)2.


American Institute of CPAs

The American Institute of CPAs (AICPA) is the world’s largest member association representing the CPA profession, with more than 418,000 members in 143 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting.

The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialized credentials for qualified professionals who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. With The Chartered Institute of Management Accountants (CIMA), it offers the Chartered Global Management Accountant (CGMA) designation, which sets the global benchmark for quality and recognition in management accounting.

The AICPA and CIMA also make up the Association of International Certified Professional Accountants (the Association), which represents public and management accounting globally, advocating on behalf the public interest and advancing the quality, competency and employability of CPAs, CGMAs and other accounting and finance professionals worldwide.

The AICPA maintains offices in New York, Washington, DC, Durham, NC, and Ewing, NJ.

Member Quantity:
Nonmember Quantity:
Estimated total:
Add to cart
CPE credits
: 30.0, 14.5
NASBA Field of Study
Familiarity with the cybersecurity description criteria and the trust services criteria
Delivery Method
QAS Self-Study
Course acronym
Contact a representative for group pricing.
Telephone: 800.634.6780 (Option 1)
Contact us online
Back to Top