Trust Services Principles and Criteria

Publisher: AICPA
  • $39.00-$49.00
    Trust Services Principles and Criteria Online Access Product #: TSPCO
    AICPA Member: $39.00
    Non-Member: $49.00
  • $39.00-$49.00
    Trust Services Principles and Criteria Online Access Product #: TSPC16D
    AICPA Member: $39.00
    Non-Member: $49.00

This resource presents criteria for use when providing attestation or consulting services to evaluate controls relevant to the security, availability, and processing integrity of a system, and the confidentiality and privacy of the information processed by the system.

The guidance was established by the AICPA Assurance Services Executive Committee (ASEC) and is necessary when performing Service Organization Control -SOC 2® and SOC 3® engagements.

This edition:

  • Restructures and creates a new set of privacy criteria, offering a complete set of privacy criteria consisting of the common criteria plus the additional privacy criteria
  • Revises Appendix B, " Illustration of Risks and Controls for Sample Entity" to include the additional privacy criteria and examples of risks that may prevent the privacy criteria from being met as well as controls designed to address those risks. Additionally, certain revisions have been made to the illustrative risks and controls for the common criteria to conform to the additional privacy criteria
  • Modifies criteria CC3.1 and CC3.2 to clarify that the potential threats include those arising from the use of vendors and other third parties providing goods and services as well as threats arising from customer personnel and others with access to the system. Additionally, criterion CC3.3 was merged into CC3.1 and CC3.2 and eliminated for redundancy
  • Adds two new confidentiality criteria, C1.7 and C1.8, to address the retention and disposal of confidential information
  • Maps the new trust services privacy criteria to the extant generally accepted privacy principles

The trust services principles and criteria are effective for periods ending on or after December 15, 2016. Early implementation is permitted.

Key Benefits

  • New appendix mapping of the Trust Services Principles and Criteria to Extant Generally Accepted Privacy Principles
  • Updated Appendix B — Illustration of Risks and Controls for a Sample Entity for privacy
  • Expanded definitions

Who Will Benefit?

  • Practitioners performing attestation or consulting services
  • Practitioner performing SOC 2® and SOC 3® engagements

System Requirements

About the Publisher


About the AICPA The American Institute of CPAs is the world’s largest member association representing the accounting profession, with more than 412,000 members in 144 countries, and a history of serving the public interest since 1887. AICPA members represent many areas of practice, including business and industry, public practice, government, education and consulting. The AICPA sets ethical standards for the profession and U.S. auditing standards for private companies, nonprofit organizations, federal, state and local governments. It develops and grades the Uniform CPA Examination, and offers specialty credentials for CPAs who concentrate on personal financial planning; forensic accounting; business valuation; and information management and technology assurance. Through a joint venture with the Chartered Institute of Management Accountants, it has established the Chartered Global Management Accountant designation, which sets a new standard for global recognition of management accounting.