This site uses cookies to store information on your computer. Some are essential to make our site work; others help us improve the user experience. By using the site, you consent to the placement of these cookies. Read our privacy policy to learn more.

Technical

Trust Services Criteria Logo aicpa

  Free |   AICPA |   Apr 2017 |   AICPA Store

Established by the AICPA Assurance Services Executive Committee (ASEC), this resource presents control criteria for use in attestation or consulting engagements to evaluate and report on controls over the security, availability, processing integrity, confidentiality, or privacy of information and systems

  • across an entire entity.
  • at a subsidiary, division, or operating unit level.
  • within a function relevant to the entity’s operational, reporting, or compliance objectives.
  • for a type of information used by the entity.

This guidance is useful in reporting on SOC for Cybersecurity engagements, SOC 2® engagements, and SOC 3® engagements. The 2017 edition revises the trust services criteria to align with the Committee of Sponsoring Organizations of the Treadway Commission’s (COSO’s) 2013 Internal Control—Integrated Framework, to better address cybersecurity risks and increase flexibility in application across an entire entity, including at a subsidiary, division, or operating unit level within a function relevant to an entity’s operational, reporting, or compliance objectives.

Key Benefits
  • Alignment with the 2013 COSO Internal Control—Integrated Framework
  • Better addresses cybersecurity risks
  • Increases flexibility in application
Who Will Benefit?
  • Practitioners performing attestation or consulting services
  • Practitioners performing engagements using trust services criteria including SOC for Cybersecurity, SOC 2 examinations, and SOC 3 examinations
Topics covered:
  • Assurance: Technical: Attestation, Foundational
  • Assurance: Technical: Advisory & consulting services, Foundational
  • IT management & assurance: Technical: IT risk & assurance services: Service organizations, Foundational

Comments/Reflections