AAFCPAs Earns SOC for Cybersecurity Services Certificate

AAFCPAs’ Partners James Jumes, MBA, M.Ed. and Robin Kelley, CPA, CITP, CGMA, CSPM, CCSFP have earned the System and Organization Controls (SOC) for Cybersecurity Certificate issued by The Association of International Certified Professional Accountants (AICPA).
SOC for Cybersecurity is a new entity-wide cybersecurity audit that allows organizations to voluntarily report on their cybersecurity management programs to internal and external stakeholders with credibility.
Companies are under increasing pressure to manage cybersecurity threats, and to demonstrate to stakeholders that they have effective processes and controls in place to detect, respond to, mitigate, and recover from breaches and other security events. The Securities and Exchange Commission (SEC) recently issued guidance on disclosures by public companies of the cybersecurity risks they are facing and what they are doing to address those risks.
James and Robin are among the first SOC specialists nationwide to receive certification in this first-of-its-kind program designed specifically for CPA firms with integrated Business Process & IT Advisory practices. AAFCPAs’ SOC for Cybersecurity examinations can enhance users’ confidence in information prepared by management, enabling them to make informed decisions about the organization and their dealings or transactions with it, and building trust and confidence that the company is appropriately addressing its cybersecurity risks. In today’s cyber threat landscape, trust and confidence are strategically critical issues.
AAFCPAs’ SOC for Cybersecurity team members are certified to apply the AICPA’s cybersecurity risk management reporting framework to analyze and examine clients’ cybersecurity risk management programs, and report on the effectiveness of controls within the program. The new framework provides a common and consistent language for organizations to communicate about, and report on, their cybersecurity efforts. Through this common and consistent language, AAFCPAs helps senior management, boards of directors, analysts, investors, and business partners gain a better understanding of organizations’ enterprise-wide cybersecurity risk management efforts.
“AAFCPAs Business Process & IT Advisory Practice is a leading provider of SOC attestation reporting, as well as Technology Risk & Cyber Security Assessments,” said Dave McManus, CPA, CGMA, AAFCPAs’ Co-Managing Partner. “We are committed to solving our clients’ security issues to ensure success and help them move forward and thrive with confidence in the future.”

About the Author

James Jumes
James joined AAFCPAs in 2013 to lead the Business Consulting Services practice. He has more than 25 years of experience working with information technology systems and diverse business operational processes. James is highly experienced in IT controls and assurance, SOX 404, and Service Organization Control (SOC) reports: SOC 1 (SSAE 18), SOC 2, SOC 2+ and 3 attestation reporting. James developed a unique methodology for delivering SOC reporting services, and he is an AICPA-approved Peer Review SOC Specialist, assisting peer review teams to review SOC 1, 2, 2+ and 3 engagements. He is a HITRUST Certified Common Security Framework (CSF) Practitioner, providing HITRUST CSF self-assessment consulting, or SOC 2 + HITRUST for assessing against the evolving compliance landscape shaped by HITECH, HIPAA, CMS and various other federal, state and business requirements.