Join the hundreds of companies that trust 6clicks
TermsAFSL Authorised Representative AICPA Annex A Controls ASIC Attestation of Compliance (AOC) Business Continuity Management Compliance Automation Software Compliance Risk Management Cybersecurity Maturity Model Certification (CMMC) FedRAMP Governance Risk & Compliance (GRC) GPDR HIPAA HITRUST Incident Management Information Security Management System (ISMS) ISMS Governing Body ISO 27001 Notifiable Data Breach OAIC Policy Management SOC 1 SOC 2 SOC 3 SOC Reports SOC Trust Services Criteria (TSC) SSAE 16 SSAE 18 Third Party Risk Management Vendor Assessment Vendor Management Policy Vendor Review Vulnerability Vulnerability Management
What are the SOC Trust Services Criteria (TSC)?
The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and operating effectiveness of controls relevant to the Security, Availability, Processing Integrity, Confidentiality, or Privacy of an organization's information and systems. The Trust Services Criteria are established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).
The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. All SOC 2 reports include the Security category; the other four categories are optional and a company may include them according to its customers' needs and its unique business model.
- Security: Systems and data stored by a company are protected against unauthorized access and unauthorized disclosure.
- Availability: Information and systems are available for operation and use.
- Confidentiality: Confidential information is protected.
- Processing Integrity: System processing is complete, valid, accurate, timely, and authorized. Customer data remains correct throughout the course of data processing.
- Privacy: Personal information is collected, used, retained, disclosed, and disposed of in accordance with pre-stated policies. Although the Confidentiality category applies to any sensitive information, the Privacy category applies only to personal information.