
Third Party Risk Management
TPRM Tuesday #8: Breaking down SOC2 Trust Services Categories and Criteria for SOC 2 audit
By Bill Schneider

Aug 6, 2024


It’s Tuesday and it’s time for our next TPRM Tuesday posting. Today we are breaking down the SOC 2 Trust Services Categories and the Trust Services Criteria (TSC) that apply to any SOC 2 audit.

Before diving deep, let’s break down some common definitions.

• Trust Services Categories: The classification schema for the Trust Services Criteria, made up of five categories (Security, Availability, Confidentiality, Processing Integrity, and Privacy). Security is required in every SOC 2 report; the other four are included only when management chooses to have them in scope.

• Trust Services Criteria: The criteria used to evaluate the design (Type 1 and Type 2) and operating effectiveness (Type 2) of controls relevant to the Trust Services Categories.

• Common Criteria: The criteria that are common to all five Trust Services Categories. These are CC1.1 through CC9.2 (control environment, communication and information, risk assessment, monitoring, control activities, logical and physical access, system operations, change management, and risk mitigation). Because the Security category consists entirely of the common criteria, they are included in every SOC 2 audit.

• Commitments: Declarations made by management to customers about how one or more of the organization’s systems will perform, typically in contracts, SLAs, and published policies. The auditor evaluates controls against these commitments, so a vendor’s SOC 2 report is only as meaningful as the commitments it was scoped to.

• Additional Criteria: Category-specific criteria that apply only when the corresponding category is in scope.

✅ Additional Criteria For Availability (A): These criteria address how the organization manages capacity, environmental protections, backups and recovery, and overall system availability, including testing of its recovery plans.

✅ Additional Criteria For Confidentiality (C): These criteria address how confidential information is identified and protected while it is retained, and how it is disposed of once it is no longer needed.

✅ Additional Criteria For Processing Integrity (PI): These criteria address whether system processing is complete, valid, accurate, timely, and authorized, including how inputs, processing, outputs, and stored data are controlled.

✅ Additional Criteria For Privacy (P): These criteria address how personal information is collected, used, retained, disclosed, and disposed of in conformity with the organization’s privacy notice and applicable commitments.

© All Rights Reserved By Fortrex Technologies
