AICPA Proposes Guidance for New System and Organization Controls (SOC) for Supply Chain Report
Why is this important?
There is significant connection between entities that produce, manufacture or distribute products and their suppliers, customers and business partners. With the growth in technological development as part of the supply chain process, these risks are increasing rapidly. For example, a manufacturer may make widgets used in the production of an automobile. The automobile manufacturer needs information about the widget manufacturer’s security, availability and processing integrity of their system(s) used to manufacture the widget and the relevant controls within the applicable system(s). The proposed SOC for Supply Chain report could provide useful information for the automobile manufacturer to better understand and manage supply chain risks, including cybersecurity risks, arising from their business relationship. As an example, a cybersecurity attack on the widget manufacturer’s system could result in a significant impact on the automobile manufacturer.