SOC for Cybersecurity - Cybersecurity Risk Management Examination
SOC for Cybersecurity, introduced by the AICPA in 2017, provides a framework for reporting on an organisation's cybersecurity risk management programme. Unlike SOC 2 (which focuses on service organisations), SOC for Cybersecurity is designed for any organisation to communicate about its cybersecurity efforts. The examination uses the AICPA Description Criteria for Management's Description and the AICPA Trust Services Criteria or other suitable criteria. General-use report suitable for boards, investors, and business partners.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (6)
Detect
| Code | Title |
|---|---|
| SOCCYB-3 | Detect Function: Anomalies, Continuous Monitoring, Processes |
Examination
| Code | Title |
|---|---|
| SOCCYB-6 | SOC for Cybersecurity Examination Process |
Identify
| Code | Title |
|---|---|
| SOCCYB-1 | Identify Function: Asset, Risk, Governance, Business Environment |
Protect
| Code | Title |
|---|---|
| SOCCYB-2 | Protect Function: Access Control, Awareness, Data Security, Processes |
Recover
| Code | Title |
|---|---|
| SOCCYB-5 | Recover Function: Recovery Planning, Improvements, Communications |
Respond
| Code | Title |
|---|---|
| SOCCYB-4 | Respond Function: Planning, Communications, Analysis, Mitigation, Improvements |
Frequently Asked Questions
What is SOC for Cybersecurity - Cybersecurity Risk Management Examination?
SOC for Cybersecurity - Cybersecurity Risk Management Examination is a compliance framework from United States (AICPA) with 6 domains and 6 controls. SOC for Cybersecurity, introduced by the AICPA in 2017, provides a framework for reporting on an organisation's cybersecurity risk management programme. Unlike SOC 2 (which focuses on service organisations), SOC for Cybersecurity is designed for any organisation to communicate about its cybersecurity efforts. The examination uses the AICPA Description Criteria for Management's Description and the AICPA Trust Services Criteria or other suitable criteria. General-use report suitable for boards, investors, and business partners. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does SOC for Cybersecurity - Cybersecurity Risk Management Examination have?
SOC for Cybersecurity - Cybersecurity Risk Management Examination has 6 controls organised across 6 domains. The largest domains are Detect (1 controls), Examination (1 controls), Identify (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does SOC for Cybersecurity - Cybersecurity Risk Management Examination map to?
SOC for Cybersecurity - Cybersecurity Risk Management Examination does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with SOC for Cybersecurity - Cybersecurity Risk Management Examination compliance?
Start your SOC for Cybersecurity - Cybersecurity Risk Management Examination compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about SOC for Cybersecurity - Cybersecurity Risk Management Examination requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 6 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required