What are the Trust Services principles in a SOC 2 report?

SOC2 is a protocol that defines criteria for managing customer data based on five Trust Service Criteria. These principles are: security, privacy, accessibility, processing integrity and confidentiality.

What principle must always been included with an SOC 2 report?

There are five Trust Services Principles, or criteria, that comprise a SOC 2 report: Security, Availability, Processing Integrity, Confidentiality and Privacy.

Which of the following trust principles are included in Zoho’s SOC 2 Type II report?

SOC 2 reports can address one or more of the following principles: Security, Confidentiality, Availability, Processing Integrity, or Privacy.

What are the trust service principles?

There are five trust service principles which include:

  • Security.
  • Availability.
  • Processing integrity.
  • Confidentiality.
  • Privacy.

What are the 5 Trust Services Criteria for SOC 2?

The Trust Services Criteria include five trust services categories, as defined by AICPA:

  • Security.
  • Availability.
  • Processing integrity.
  • Confidentiality.
  • Privacy.

What are the five trust criteria?\\?

The SOC 2 audit process includes five categories of Trust Services Criteria: Security, Availability, Confidentiality, Processing Integrity, and Privacy. These categories each cover a set of internal controls related to different aspects of your information security program.

Which of the 5 Trust Services criteria is required for every SOC 2?

Security *Security is the one trust service category that is generally required for every SOC 2 audit.

What trust service principles should a first time auditee select?

The trust principles you select inform your attestation criteria. Your trust service criteria must also be suitable and available to report users….The AICPA specifies five main principles, namely:

  • Security.
  • Availability.
  • Processing integrity.
  • Confidentiality.
  • Privacy.

Which of the 5 trust services categories below is mandatory for all soc2 engagements?

In a non-privacy SOC 2 engagement, the security category must be included. The security category consists of the complete set of the common criteria, which integrate with the 2018 COSO Internal Control — Integrated Framework.

What are the four components that are consistently represented in the AICPA’s TSP 100 principles and criteria?

As to the actual Trust Services Principles and Criteria (TSP), they comprise of the following:

  • Security.
  • Availability.
  • Processing Integrity.
  • Confidentiality.
  • Privacy.

What are the SOC 2 Trust Principles?

The SOC 2 trust principles are criteria based provisions consisting of what’s technically known as the Trust Services Principles (TSP), which consist of the following: The security of a service organization’s system. The availability of a service organization’s system.

What is a SOC 2 report?

The System and Organization Controls (SOC) 2 Report will be performed in accordance with AT-C 205 (formerly under AT-101) and based upon the Trust Services Principles, with the ability to test and report on the design (Type I) and operating (Type II) effectiveness of a service organization’s controls (just like SOC 1 / SSAE 18).

What are the SOC 2 security criteria?

The only criteria that is required to be in a SOC 2 examination is the security criteria, which is also known as the common criteria. The security criteria is referred to as common criteria because many of the criteria used to evaluate a system are shared among all five of the Trust Services Criteria.

What is a SOC 1 audit?

A SOC 1 report has a little more flexibility in what is tested and opined on by the auditor. In addition to reviewing security, a SOC 1 audit includes more of a focus on the service organization’s controls that may be or are relevant to an audit of their client’s financial statements.