Cybersecurity Advisory


Cybersecurity risk management program and system and organization controls advisory.

Cybersecurity Risk Management Program Advisory

While cybersecurity and information security matters have been important topics for decades, the reality is that most small and mid-sized businesses struggle with the practical implementation of a defined and usable cybersecurity risk management program.

Often many of the pieces are in place; however, control activities such as strong passwords, network monitoring, or even working with a third-party technology service provider do not typically constitute a cybersecurity risk management program. Nor do they provide business owners with a structured, comprehensive, and relatable view of cybersecurity risk management and the value it can bring to their organization. We intend to help change that.

Our advisory approach relies on both integrated experience and established frameworks when applying cybersecurity, risk management, and internal control considerations.  We can assist your business with:

  • Identifying, assessing, and responding to cybersecurity risks in a clear, documented, and actionable manner;

  • Understanding and designing a comprehensive cybersecurity risk management program, including as applicable to NIST and AICPA frameworks and guidance, such as:

    • NIST Cybersecurity Framework

    • Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program (AICPA);

  • Data, information, and application classification, inventory, and related control activities;

  • Advisory and documentation of control criteria and activities, including monitoring activities, with consideration of guidance found in the Trust Services Criteria (AICPA);

  • Data privacy policy matters, including as applicable to:

    • IRS Publication 4557

    • Privacy Management Framework (AICPA)

    • California Consumer Privacy Act;

  • Data security breach response planning, including communication and recovery control documentation;

  • Training and awareness of cybersecurity and business culture implementation, including for board members, management, and employees;

  • Policy design and documentation.

System and Organization Controls for Cybersecurity

SOC for cybersecurity continues to be a leading area for increased attention and improvement by businesses of all shapes and sizes, including new entrepreneurs.  Our experience allows us to assist with unique skill sets and perspectives when addressing system and organization controls for cybersecurity needs.  Our approach is to help your organization analyze and define its cybersecurity objectives, risks, and controls, for better management decisions and reporting, as well as third-party interactions.

We can help your business with the following:

  • Assistance with SOC for Cybersecurity program objectives and control criteria, in accordance with the Description Criteria for Management's Description of the Entity's Cybersecurity Risk Management Program, and Trust Services Criteria promulgated by the AICPA;

  • Consulting and advisory related to SOC for Cybersecurity examination readiness, including timeline and planning objectives;

  • SOC for Cybersecurity vs. SOC 2 or SOC 3 reporting advisory and considerations.

Third-Party Service Provider Risk Management

Managed technology services provided by a third party can range from break-fix support to full-scope technology and equipment management and monitoring. Our team has designed, evaluated, and performed walk-throughs related to the implementation of managed technology solutions for businesses including manufacturers, service providers, and retailers, as well as not-for-profit entities including health and human services, K-12 and higher education, and municipal organizations, all of varying sizes and complexities. While we don't provide technical services ourselves, we understand the model well and can help guide and assist your organization with more thorough and critical assessment procedures when managing third-party providers.

Some of the services we assist with include:

  • Third-party service provider evaluation and risk assessment;

  • Requests for proposals (RFP) for third-party technology management;

  • Control documentation, policies, procedures, and template resources;

  • Service program design advisory.

About Us

Our mission is to provide services in a manner reflective of our core values and spirit.  What inspires us?  Read more about LEACIF and what makes our firm unique. 


Founded and grounded in Michigan, U.S.  Established in 2014.
