SOC2 - Trust Services Criteria

AICPA Trust Services Standard for Safeguarding Customer Information

Meet the requirements of the SOC2 – Trust Services Criteria while managing compliance with ALL your IT Security requirements, regardless of source. Experience true Cybersecurity Risk Management based on the guidelines set forth by the Trust Services Criteria.

SOC2 - TRUST SERVICES CRITERIA

What is the AICPA Trust Services Criteria?

System and Organization Controls (SOC), as defined by the American Institute of Certified Public Accountants (AICPA), is the name of a suite of reports produced during an audit. It is intended for use by service organizations to issue validated reports on the internal controls over their information systems to the users of those services. The reports focus on controls grouped into five categories called the Trust Services Criteria. These control criteria are used by the practitioner/examiner (a Certified Public Accountant, CPA) in attestation or consulting engagements to evaluate and report on the controls of information systems offered as a service.

But if you don’t want to get into the weeds of a ton of regulatory lingo, we’ll summarize what you need to know, and how our software can help you navigate the waters of the regulation, and comply with all its requirements, without having to be a regulatory expert.

The Trust Services Criteria Standard for Safeguarding Customer Information

The Trust Services Criteria, authored by the AICPA, outline industry standards for managing customer data based on five principles: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Achieving SOC2 compliance signals to your clients and partners that your organization is committed to maintaining high levels of data security and integrity.

What Sections of the SOC2 - Trust Services Criteria are Covered

Compliance Manager GRC covers an organization’s implementation of the Trust Services Criteria. The criteria were designed to be flexible in application, so that they can accommodate the unique controls an organization implements to address the risks and threats it faces.

SOC 2 reports focus on controls addressed by five partially overlapping categories called the Trust Services Criteria, which also support the CIA triad (confidentiality, integrity, availability) of information security.

Security – information and systems are protected against unauthorized access, unauthorized disclosure, and damage to the system that could compromise the availability, confidentiality, integrity and privacy of the system.

  • Firewalls
  • Intrusion detection
  • Multi-factor authentication

Availability – information and systems are available for operational use.

  • Performance monitoring
  • Disaster recovery
  • Incident handling

Confidentiality – information is protected and made available only on a legitimate need-to-know basis. This applies to various types of sensitive information.

  • Encryption
  • Access controls
  • Firewalls

Processing Integrity – system processing is complete, valid, accurate, timely and authorized.

  • Quality assurance
  • Process monitoring
  • Adherence to principle

Privacy – personal information is collected, used, retained, disclosed and disposed of in accordance with policy. Privacy applies only to personal information.

  • Access control
  • Multi-factor authentication
  • Encryption

Jurisdiction and Penalties

SOC 2 audits can be conducted only by either a Certified Public Accountant (CPA) or a certified technical expert belonging to an audit firm licensed by the AICPA.

The SOC 2 audit reports in detail on the organization’s internal controls, documented in Compliance Manager GRC, against the five Trust Services Criteria. It shows how well the organization safeguards customer data and assures customers that the organization provides its services in a secure and reliable way. SOC 2 reports are therefore intended to be made available to customers and other stakeholders only.

Navigate the AICPA SOC 2 Standard with Compliance Manager GRC, your trusted partner in managing IT compliance.

Featured Product Highlights for This Standard

You can use your existing IT security and privacy tools to implement the safeguards required by the standard, but Compliance Manager GRC includes some additional specialized functionality you will need to fully comply.

Here are a few of the value-added features included with Compliance Manager GRC that apply to this standard:

  • Rapid Baseline Assessments – Quickly identify gaps according to the Trust Services Criteria.
  • Technical Risk Assessments – Full risk assessment based on the five principles (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
  • Policies & Procedures Manual – Required documentation.
  • Employee Awareness Training Portal – Tracking and reporting.
  • Customizable standards and controls – Modify your procedures to match your specific way of complying.
  • Role-based access – Helps involve others in complying with AICPA SOC 2.
  • Automated Documentation & Reporting – Provides documentation for AICPA SOC 2 audits.
  • Vendor Management Portal – Perform vendor assessments against the AICPA SOC 2 standard.
  • Auditor’s Checklist – Essential in the event of an audit or breach.


Best of all, you can use this same platform to manage compliance with all your other IT requirements – including compliance with other government and industry rules and regulations, with the security terms of your cyber insurance policy, and even with your own internal IT policies.

COMPLETE: ALL-IN-ONE SOLUTION

Whether complying with the SOC2 – Trust Services Criteria, tracking terms of your cyber risk insurance policy, or making sure your own IT policies and procedures are being followed, Compliance Manager GRC helps you Get IT All Done at the same time, and in the same place. No other Compliance Management software gives you this kind of flexibility.

AUTOMATED: ASSESSMENTS & REPORTS

Assuring compliance with the SOC2 – Trust Services Criteria – and all your other IT requirements – is easy with Compliance Manager GRC. You can get more work done with less labor, thanks to automated data collection, automated management plans, and automated document generation.

AFFORDABLE FOR ALL

Compliance Manager GRC is priced to be affordable for the smallest organizations, yet boasts the power and functionality most often found in expensive, enterprise-class governance, risk and compliance platforms. Whether you are managing compliance for your own organization or are an MSP delivering compliance-as-a-service, there’s a sensible subscription for you.

Request a Demo today and discover the advantages of Compliance Manager GRC – the purpose-built compliance process management platform for multifunctional IT professionals.

Overcome the Biggest IT Challenges and Responsibilities

  • Reduce Risk
  • Reduce Complexity
  • Save Money