To the Point - AICPA issues criteria for evaluating how an entity manages cybersecurity risk

26 Apr 2017 PDF
Subject AccountingLink
Publications To the Point


The AICPA issued Description Criteria for Management’s Description of an Entity’s Cybersecurity Risk Management Program and updated its Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy that together can be used by entities to describe their cybersecurity risk management programs  and evaluate controls in these programs. An entity also can voluntarily choose to engage an independent public accountant to evaluate management’s description and whether the controls over its program were suitably designed and operated effectively.

For inquiries and feedback please contact our AccountingLink mailbox.