Request Demo →
Product
tprm software

Manage the Complete Vendor Lifecycle

Easily manage your third-party risk management activities across the vendor lifecycle – onboarding, ongoing management, offboarding.

Take a Product Tour to See Venminder in ActionNew
View Pricing & Packaging
 
vendiligence

Outsource Vendor Control Assessments

Order due diligence assessments on your vendors that include qualified risk ratings and reviews from Venminder experts.

 
venmonitor

Continuously Monitor with Risk Intelligence

Seamlessly combine risk intelligence data to monitor for risks within cybersecurity, business health, financial viability, privacy, ESG and more.

samples library
Why Venminder
case studyCase Studies

Learn how our customers have managed their vendors and risk with Venminder.

researchIndependent Research

Check out independent research that validates Venminder's market leader position.

Take a Product Tour to See Venminder in ActionNew

 
check whyWhy Venminder

See why Venminder is uniquely positioned to help you manage vendors and risk.

customer experienceCustomer Experience

Our team is committed to a single goal: a customer experience second to none.

implementationImplementation

We offer quick and customer-focused implementation for fast ramping.

 
business caseBusiness Case

Learn practical steps to create and present a business case for third-party risk management to stakeholders.

industriesIndustries

Learn how Venminder helps companies of all sizes and within all industries.

samples library
Education
resourcesResources

Download complimentary resources to guide you through all the various components of a successful third-party risk management program.
blogBlog

Read Venminder's blog of expert articles covering everything you need to know about third-party risk management.

 
webinarsWebinars

Stay current on the latest best practices and trends in third-party risk management
online communityCommunity

Join a free community dedicated to third-party risk professionals where you can network with your peers.

 
samples librarySamples

Download samples of Venminder’s vendor risk assessments and see how we can help reduce the workload.

third party thursday newsletterWeekly Newsletter

Receive the popular Third Party Thursday newsletter into your inbox every Thursday with the latest and greatest updates.

resources-whitepaper-state-of-third-party-risk-management-2025
State of Third-Party Risk Management 2025
 

Venminder's State of Third-Party Risk Management 2025 whitepaper provides third-party risk management insight and industry statistics to help you make informed programs decisions. Learn how others are managing third-party risk.

About
venminderCompany

Venminder is the industry's leading third-party risk management solution provider.
careersCareers

We're hiring! Explore career opportunities and learn more about Venminder culture.

Take a Product Tour to See Venminder in ActionNew

 
partnersOur Partners

Check out the select partners we aligned with to provide additional solutions and services.

partner programPartner Program

Learn how to become a Venminder integration or referral partner.

 
request a demoRequest a Demo

See how Venminder can enable you to run an efficient third-party risk program.

contact usContact Us

Get in touch with a member of your team to discuss a question you may have.

customer supportCustomer Support

Already a Venminder customer? Connect with the Customer Support Team.

g2 recognition venminder
Cybersecurity

SOC for Cybersecurity – What It Is and Who It’s For

By: Aaron Kirkpatrick on January 28 2019

2 min read
Featured Image

The AICPA has created a new examination engagement to sit alongside the System and Organization Controls (SOC) 1, 2 and 3. That’s right, SOC no longer stands for “Service Organization Controls.”

And, the AICPA isn’t done yet... they’re working on a “SOC for Vendor Supply Chains” as well. For this post’s purpose, though, we’ll stick with the new SOC for Cybersecurity.

What The SOC for Cybersecurity Covers

Engagements following the SOC for Cybersecurity guidance will be most similar to SOC 2 analyses, in that they’ll use a subset of the Trust Service Principles: Security, Availability, and Confidentiality. This omits the Processing Integrity and Privacy Trust Service Principles. The similarities don’t stop with the Trust Service Principles. The SOC for Cybersecurity will also contain the following similar sections and types:

Management’s Assertion – Management asserting that “(a) the description is presented in accordance with the description criteria and (b) the controls within the entity’s cybersecurity risk management program were effective to achieve the entity’s cybersecurity objectives based on the control criteria.(aicpa.org)

Management’s Description – In this case, it's the description of the entity's cybersecurity risk management program instead of the general System.

Auditor’s Report – The third party auditor’s opinion on whether “(a) the description is presented in accordance with the description criteria and (b) the controls within the entity’s cybersecurity risk management program were effective to achieve the entity’s cybersecurity objectives based on the control criteria.(aicpa.org)

Type I and II – Like the SOC 1 and 2, the SOC for Cybersecurity offers a point-in-time assessment covering the design of the controls, a Type I, and a period-of-time examination covering the operating effectiveness of the controls, a Type II.

The reports will cover two sets of benchmarks, which are used to measure or evaluate the organization’s Cybersecurity Risk Management Program:

  1. Description Criteria
  2. Control Criteria

There are 19 description criteria outlined and available for use by organizations which are to be discussed in Management’s Description of the report. Each of these description criteria includes guidance for implementing the controls. The control criteria will be chosen from the Security, Availability and Confidentiality Trust Services Principle’s common controls.

Who's Expected to Use This SOC for Cybersecurity?

Need content here

Why Choose SOC for Cybersecurity vs SOC 2?

Need content here 

The AICPA has provided a good set of reference materials for use by auditors and organizations which can be found at aicpa.org.

Do you know how to analyze a SOC report? Download our eBook to learn more.
Infographic

Donec nec justo eget felis facilisis fermentum. Aliquam porttitor mauris sit amet orci. 

placeholder

Related Posts

Vendor SOC for Cybersecurity: Do You Need to Request One?

With increased scrutiny and regulations surrounding cybersecurity, it's a topic that is “talk of...

Vendor Information Technology and Its Role in Cybersecurity

In the season two premier of Mad Men, the secretaries at the fictional ad agency Sterling Cooper...

Common Vendor Information Security Questions Related to Cybersecurity and SOC Reports

It’s National Cybersecurity Awareness Month, and it’s important to carry over the lessons learned...

Subscribe to Venminder

Get expert insights straight to your inbox.

Ready to Get Started?

Schedule a personalized solution demonstration to see if Venminder is a fit for you.

Request a Demo