What are the SOC Trust Services Criteria?
The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and operating effectiveness of controls relevant to the Security, Availability, Processing Integrity, Confidentiality, or Privacy of an organization’s information and systems. The Trust Services Criteria are established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).
The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. All SOC 2 reports include the Security category; the other four categories are optional and a company may include them according to its customers’ needs and its unique business model.
The Trust Services Criteria represent the framework by which organizations are evaluated for SOC 2 compliance. Of the five criteria, the Security category is required to obtain a SOC 2 audit, and many early-stage startups may choose to start the SOC 2 process with an evaluation of the Security category only.
What does AI mean for your company’s security compliance program? Join our session on 28 March 9 am AEDT where Matt Cooper, Privacy, Risk and Compliance Manager at Vanta, and Noam Rubin, Sr. Software Engineer at Vanta, will answer (almost) all your questions about AI and compliance.
Join Vanta’s 45-minute live product demo on March 12 at 11 am PST where Devin and Natalie will walk you through the Vanta platform and show you how we automate 90% of the work for security and privacy frameworks, and help you move towards a state of continuous compliance.