Skip to content
Home / Authority / Organization / AICPA

AICPA SOC2 Trust Services Principles and Criteria – TSP Section 100

This document focuses on:

The AICPA SOC 2 Trust Services Principles and Criteria, outlined in TSP Section 100 (2017, regularly updated), provide a comprehensive framework for evaluating and reporting on a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy of a system. The security criteria, also known as the common criteria, are mandatory for all SOC 2 examinations and encompass controls that are foundational across all five trust service categories, including risk management and system protection. Organizations may include additional criteria—availability, processing integrity, confidentiality, and privacy—based on the nature of their services and client needs. The criteria emphasize management’s responsibility to meet commitments to customers and system requirements, covering aspects such as governance, risk assessment, control activities, information and communication, and monitoring of controls. The framework integrates principles from the COSO internal control framework and focuses on the entity’s objectives, risk identification and assessment, fraud considerations, and changes impacting internal control systems, ensuring a thorough and adaptable approach to trust and assurance in service organizations’ systems.


Publication's URL

https://www.aicpa-cima.com/resources/download/2017-trust-services-criteria-with-revised-points-of-focus-2022

Additional documents on this topic



How would you rate this document ?

Click on a star to rate it!

What do you think of this document?

Your email address will not be published. Required fields are marked *