SOC for Cybersecurity: Description Criteria Used to Describe Your Cybersecurity Risk Management Program.
The Management’s Description of the Cybersecurity Risk Management Program is a key component of the SOC for Cybersecurity report. The Description comprises 9 categories that encompass 19 distinct Description Criteria (DC).
The Description is designed to provide information about:
- How your company identifies its information assets;
- The ways in which you manage the cybersecurity risks that threaten it; and
- The key security policies and processes implemented and operated to protect your information assets against those risks.