SOC for Cybersecurity: Description Criteria Used to Describe Your Cybersecurity Risk Management Program


The Management’s Description of the Cybersecurity Risk Management Program is a key component of the SOC for Cybersecurity report. It comprises 9 Categories, which encompass 19 distinct Description Criteria (DC).

The Description is designed to:

  • Provide information about how your company identifies its information assets;

  • Describe the ways in which you manage the cybersecurity risks that threaten those assets; and

  • Describe the key security policies and processes implemented and operated to protect your information assets against those risks.
