Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports

Follow us

Linkedin iconFacebook icontwitter iconinstagram icon

What are the SOC Trust Services Criteria?

The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and operating effectiveness of controls relevant to the Security, Availability, Processing Integrity, Confidentiality, or Privacy of an organization’s information and systems. The Trust Services Criteria are established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).


The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. All SOC 2 reports include the Security category; the other four categories are optional and a company may include them according to its customers’ needs and its unique business model.


The Trust Services Criteria represent the framework by which organizations are evaluated for SOC 2 compliance. Of the five criteria, the Security category is required to obtain a SOC 2 audit, and many early-stage startups may choose to start the SOC 2 process with an evaluation of the Security category only.

{{cta_withimage1="/cta-modules"}}

Related Terms

Additional resources you might like:

GRC
Events
AI and Trust: Navigating Maturity, Influence, and Risk

Join Ashish Rajan, CISO at Kaizenteq, and Faisal Khan, GRC Subject Matter Expert at Vanta for a tactical conversation on what it really takes to mature compliance, risk, and trust in the age of AI

Compliance
Guide / Report
The ultimate guide to FedRAMP: A requirements guide for authorization

Learn about FedRAMP authorization, from impact levels to compliance steps, to unlock opportunities with U.S. federal agencies.

Compliance
Events
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth

Hear from the Head of Information Security at Robin AI and the Co-Founder & CEO of Pavlov as they share how they embedded security and compliance into their startup journey, without slowing down innovation.

Additional resources you might like:

GRC
Events
AI and Trust: Navigating Maturity, Influence, and Risk

Join Ashish Rajan, CISO at Kaizenteq, and Faisal Khan, GRC Subject Matter Expert at Vanta for a tactical conversation on what it really takes to mature compliance, risk, and trust in the age of AI

Compliance
Guide / Report
The ultimate guide to FedRAMP: A requirements guide for authorization

Learn about FedRAMP authorization, from impact levels to compliance steps, to unlock opportunities with U.S. federal agencies.

Compliance
Events
Secure from the Start: How Founders Build Compliance Into Early-Stage Growth

Hear from the Head of Information Security at Robin AI and the Co-Founder & CEO of Pavlov as they share how they embedded security and compliance into their startup journey, without slowing down innovation.

Compliance
Events
Building Trust in the AI Boom: Security, Capital, and Credibility from Day One

Join the CFOs of Vanta and Mercury for a tactical conversation on how early-stage teams can build trust with investors and buyers, without slowing down.

Compliance
Events
Live Demo: Accelerate security and compliance workflows with AI

Join us for a live demo where we’ll walk you through the AI functionality within the Vanta platform and how it can simplify your compliance process. Plus, you’ll have the opportunity to ask live questions—whether it’s about AI specifically, compliance, or how to get started with Vanta.

Compliance
Events
Product Demo: Automating Compliance for ISO 27001, GDPR and more with Vanta

Watch on-demand to explore how Vanta's automation can streamline your compliance efforts and save you time and money - all while helping you build customer trust.

Compliance
Events
Live-Produktdemo: ISO 27001- und SOC 2-Compliance mit Vanta einfach umsetzen

Der Nachweis von Compliance mit einem Sicherheitsrahmensystem wie ISO 27001 oder SOC 2 ist nicht nur für den Ausbau Ihres Unternehmens und die Beschaffung von Kapital unverzichtbar, sondern schafft auch die so wichtige Vertrauensbasis.

GRC
Events
Security, AI, and Trust: What We Learned from the Trust Maturity Report

Listen on-demand for a conversation with Matt Johansen, Founder & Security Researcher at Vulnerable U, as we dig into the findings of the report and explore what trust maturity looks like at every stage of growth.

Compliance
Events
Live Demo: Automating Compliance for SOC 2, ISO 27001, HIPAA, and More

Discover how Vanta’s automation and AI tools can help your team simplify compliance, strengthen security, and scale trust across frameworks like SOC 2, ISO 27001, HIPAA, and more.

Get compliant and build trust—fast

Request a demo
G2 Badge 2025 - Best Software | Top 50 Governance, Risk, & Compliance ProductsG2 Badge 2025 - Best Software | Top 50 Security ProductsG2 Badge 2025 - Best Software | Top 100 Best Software Products