AICPA Comments on Draft Information Security Awareness Publication

March 26, 2015

Data tunnelThe American Institute of CPAs' (AICPA) Information Management and Technology Assurance (IMTA) Executive Committee last month submitted public comments to a National Institutes of Standards and Technology (NIST) publication developed in partnership with the Small Business Administration (SBA) and the Federal Bureau of Investigation (FBI) regarding information security awareness for small business.

The draft document (NISTIR 7621 Rev. 1 Small Business Information Security: The Fundamentals) is intended to provide small businesses with a rudimentary guide on establishing information security.  The draft document is written in simple, clear language to aid in ease of use by small businesses.  

As a profession leader in thought leadership on technology-related risk management, the AICPA has provided guidance to business across a spectrum of sizes.  The AICPA’s comment letter commends the NIST, SBA and FBI for undertaking the arduous task of facilitating information security program information for small business. 

The letter further establishes points to consider in order to strengthen the manner in which small businesses govern technology, as well as line-by-line recommendations to improve, clarify and further strengthen the draft document. 

Comments were accepted through February 9, 2015.  The agencies are now reviewing the comment letters.