Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters
Blogs
Events
Glossary
Guides and reports

Follow us

Linkedin iconFacebook icontwitter iconinstagram icon

What are the SOC Trust Services Criteria?

The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and operating effectiveness of controls relevant to the Security, Availability, Processing Integrity, Confidentiality, or Privacy of an organization’s information and systems. The Trust Services Criteria are established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).


The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. All SOC 2 reports include the Security category; the other four categories are optional and a company may include them according to its customers’ needs and its unique business model.


The Trust Services Criteria represent the framework by which organizations are evaluated for SOC 2 compliance. Of the five criteria, the Security category is required to obtain a SOC 2 audit, and many early-stage startups may choose to start the SOC 2 process with an evaluation of the Security category only.

{{cta_withimage1="/cta-modules"}}

Related Terms

Additional resources you might like:

Compliance
Blog
How to choose the best access review software: A buyer’s guide

Learn why access review software is essential and how to choose and implement the right solution.

GDPR
Blog
GDPR basics: Everything you need to know to keep your business compliant

Learn the basics of GDPR, what GDPR compliance means for your organization, and how the GDPR rights granted to those in the EU may impact your business.

GDPR
Blog
GDPR compliance for US companies: Step-by-step guide

Learn how GDPR impacts US organizations and what it takes to achieve compliance.

Additional resources you might like:

Compliance
Blog
How to choose the best access review software: A buyer’s guide

Learn why access review software is essential and how to choose and implement the right solution.

GDPR
Blog
GDPR basics: Everything you need to know to keep your business compliant

Learn the basics of GDPR, what GDPR compliance means for your organization, and how the GDPR rights granted to those in the EU may impact your business.

GDPR
Blog
GDPR compliance for US companies: Step-by-step guide

Learn how GDPR impacts US organizations and what it takes to achieve compliance.

GDPR
Blog
An actionable guide to GDPR compliance for startups

Learn what GDPR compliance means for startups and how to achieve it while building trust and scaling with confidence.

Compliance
Blog
How to choose the best regulatory compliance software: A buyer’s guide

Find out what to look for in compliance software as AI and regulatory requirements continue to change.

GDPR
Events
Learn How to Automate Compliance for ISO 27001, GDPR, and more

Watch this on-demand demo to learn how Vanta automates compliance for ISO 27001, DORA, the EU AI Act, and more, saving you time and money.

Compliance
Events
Learn How to Automate Compliance for SOC 2, ISO 27001, and More

Watch our on-demand demo to learn how Vanta can help you accelerate compliance with deep automation and agentic workflows that handle evidence, policies, and remediation for you across frameworks like SOC 2, ISO 27001, HIPAA, and more.

ISO 27001
Blog
The Australian startups guide to ISO 27001

Understand the benefits, steps to certification, and how Vanta simplifies the journey.

SOC 2
Blog
What is SOC 2 and why Australian startups need it

SOC 2 for Aussie startups.

Get compliant and build trust—fast

Request a demo
G2 Badge 2025 - Best Software | Top 50 Governance, Risk, & Compliance ProductsG2 Badge 2025 - Best Software | Top 50 Security ProductsG2 Badge 2025 - Best Software | Top 100 Best Software Products