SOC Trust Services Criteria (TSC)

• AICPA
• Attestation of Compliance (AOC)
• California Consumer Privacy Act
• Compliance as a Service
• Compliance Automation Software
• Compliance Risk Management
• Comprehensive Assessment
• Controls
• Cybersecurity
• GRC
• Information Security Management System (ISMS)
• ISMS Governing Body
• ISO 27001
• ISO 27001 Annex A Controls
• ISO 27001 Security Standard
• Pen Testing
• Policies
• Risk Assessment
• Security Questionnaire
• SOC 1
• SOC 2
• SOC 2 Auditor
• SOC 2+
• SOC 3
• SOC Reports
• SOC Trust Services Criteria (TSC)
• SSAE 16
• SSAE 18
• Statement of Applicability (SoA)
• Vendor Assessment
• Vendor Management Policy
• Vulnerability Management

Back to Glossary

What Are the SOC Trust Services Criteria?

The SOC Trust Services Criteria (TSC) are defined by the American Institute of Certified Public Accountants (AICPA). The five Trust Service Criteria describe the controls, policies, and procedures that form the basis for the AICPA’s System and Organization Controls (SOC), including SOC 2.

• Security – measures intended to protect information systems and data. Examples include firewalls, intrusion detection systems, and multi-factor authentication.
• Availability – measures intended to ensure that systems and data are always available for use. For example, this TSC addresses disaster recovery, incident handling, and performance measurement and monitoring.
• Processing integrity – measures intended to ensure accurate and timely information processing. Examples include process monitoring and quality assurance.
• Confidentiality – measures intended to protect confidential information, including access controls, encryption, and firewalls.
• Privacy – measures intended to protect and limit access to personally identifiable information (PII). Relevant measures include access control, encryption, and multi-factor authentication.

How Trustero Can Help

Trustero Compliance as a Service (CaaS) is cloud-based, easy-to-use compliance automation software. It is designed to simplify SOC 2 audit readiness. In addition, the Trustero solution also helps enable continuous compliance.

For example, the Trustero platform includes auditor-approved controls and auditor-vetted policy templates. It performs automated evidence gathering and validity testing. It also provides AI-powered recommendations for manual evidence gathering and testing. These features ease and speed passing a SOC 2 audit, for you and your auditor.

Trustero CaaS integrates with leading Software as a Service (SaaS) tools and platforms. The Trustero solution also constantly monitors your technology infrastructure and can notify administrators when an element falls out of SOC 2 compliance. In addition, the Trustero platform easily generates reports of your compliance posture, regularly and on demand. These and other features help you achieve and sustain continuous compliance with SOC 2 and the TSC.

Learn more:

• Explore Trustero Compliance as a Service