By: Sara McLane, Senior Auditor at A-LIGN
In February of 2014, the AICPA released the new Trust Services Principles and Criteria (TSP) for Security, Availability, Processing Integrity, Confidentiality, and Privacy. The updated TSP will have a positive effect on our clients and other organizations obtaining a SOC 2 report by increasing the clarity for readers and users of the report. The updated TSP also reduces the appearance of redundancy.
The TSP is now broken into two key components. The first major component is the common criteria. These criterions are applicable to Security, Availability, Processing Integrity, and Confidentiality. The Privacy criterions are set forth by the Generally Accepted Privacy Principles (GAPP) and are currently under revision to be released separately. The common criteria are now comprised of seven categories whereas the prior version of the TSP had four categories: policies, communications, procedures, and monitoring.