Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides

Follow us

GLOSSARY
SOC 2
SOC Trust Services Criteria

What are the SOC Trust Services Criteria?

The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and operating effectiveness of controls relevant to the Security, Availability, Processing Integrity, Confidentiality, or Privacy of an organization’s information and systems. The Trust Services Criteria are established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).


The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. All SOC 2 reports include the Security category; the other four categories are optional and a company may include them according to its customers’ needs and its unique business model.


Category
Description
Security
Systems and data stored by a company are protected against unauthorized access and unauthorized disclosure.
Availability
Information and systems are available for operation and use.
Confidentiality
Confidential information is protected.
Processing integrity
System processing is complete, valid, accurate, timely, and authorized. Customer data remains correct throughout the course of data processing.
Privacy
Personal information is collected, used, retained, disclosed, and disposed of in accordance with pre-stated policies.

Although the Confidentiality category applies to any sensitive information, the Privacy category applies only to personal information.

The Trust Services Criteria represent the framework by which organizations are evaluated for SOC 2 compliance. Of the five criteria, the Security category is required to obtain a SOC 2 audit, and many early-stage startups may choose to start the SOC 2 process with an evaluation of the Security category only.

Additional resources you might like:

Blog
SOC 2

How kobalt.io provides big security for small businesses with Vanta

Partnership with Vanta delivers more certifications, happier customers, and business growth for Kobalt.io.

Blog
Product updates

New in Vanta | February 2023

February’s product update includes many exciting announcements from Vanta. We announced Custom Frameworks and Controls and other improvements to the Vanta experience.

ON-DEMAND WEBINAR
CCPA

CCPA, CTDPA, VCDPA…Oh My! Digging into US Data Privacy in 2023

Join the webinar with Matt Cooper, Sr. Manager, Privacy, Risk & Compliance at Vanta, and Arlo Gilbert, CEO and Co-founder at Osano, to learn about the changing privacy landscape in the US

The compliance news you need. Delivered securely to your inbox.

Subject to Vanta's Privacy Policy, you agree to allow Vanta to contact you via the email provided for marketing and other purposes

Everything you need to get compliance audit ready, fast.

GET STARTED TODAYGET STARTED TODAY

Vanta is the easy way to get and stay compliant. Thousands of fast-growing companies depend on Vanta to automate their security monitoring and get ready for security audits in weeks, not months. Simply connect your tools to Vanta, fix the gaps on your dashboard, and then work with a Vanta-trained auditor to complete your audit.

Products
SOC 2ISO 27001GDPRHIPAAPCI DSSCCPAAdditional FrameworksIntegrations
Customers
Customer Case Studies
Resources
BlogsGuidesGlossaryVideosAll Resources
Company
AboutCareersPressSecuritySystem StatusTrust Report
Manage CookiesTermsPrivacy