Trust Service Criteria is a set of criteria developed by the American Institute of CPAs (AICPA) for assessing controls related to security, availability, processing integrity, confidentiality, and privacy in service organizations undergoing audits such as SOC 2.
Auditors utilize the AICPA’s Trust Services Criteria as a framework to decide which security and compliance measures to look for in an organization. Security is the only Trust Services Criteria that must be included in every SOC 2 report; however, auditors can choose to include Availability and Processing Integrity as well, once the audit scope has been established.
It is important for essential standards guiding audits, ensuring service organizations meet rigorous benchmarks in safeguarding data, and upholding client trust.