Trust services criteria

Area 3: SOC Engagements (15-25%)


Topics

  • Security, availability, processing integrity
  • Confidentiality and privacy criteria

Lessons

Study Frameworks

Trust Services Criteria (TSC)

AICPA Trust Services Criteria

Security (Common Criteria; required for all SOC 2 reports)
  • Focus: protection against unauthorized access
  • Example controls: firewalls, IDS/IPS, access controls, encryption
  • Note: foundation for all other criteria

Availability
  • Focus: the system is available for operation and use as committed
  • Example controls: BCP/DR planning, SLAs, monitoring, redundancy

Processing Integrity
  • Focus: processing is complete, valid, accurate, timely, and authorized
  • Example controls: input validation, reconciliation, error handling

Confidentiality
  • Focus: information designated as confidential is protected
  • Example controls: encryption, access restrictions, NDAs, data classification

Privacy
  • Focus: personal information is collected, used, retained, and disclosed in accordance with the privacy notice
  • Example controls: consent, data minimization, data subject rights, breach notification

Mnemonic: SAPCP (Security, Availability, Processing Integrity, Confidentiality, Privacy)

These are the five Trust Services Criteria used in SOC 2 engagements. Security (the common criteria) is always in scope; the other four are optional and are included depending on the engagement scope.
