28. What are the Trust Services Principles (TSP), and why are policies and procedures so important regarding the TSP and do you offer such documentation?
The Trust Services Principles (TSP) are criteria established jointly by the Canadian Institute of Chartered Accountants (CICA) and the American Institute of Certified Public Accountants (AICPA) for use by practitioners when providing attest and assurance services on specified systems relating to (1) Security, (2) Availability, (3) Processing Integrity, (4) Confidentiality, and (5) Privacy. In simpler terms, the five (5) aforementioned TSP consist of a set of predefined criteria relating to best practices for each of the respective areas. For example, the criteria for the “security” TSP call for an organization “defining and documenting” its policies and “communicating its system policies”, along with many other provisions and mandates.
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet containing over 2,850+ pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
Compliance with the Trust Services Principles Requires Policies and Procedures | Order Today
What’s very important to grasp from this is two-fold: (1) The Trust Services Principles are a core component of SOC 2 and SOC 3 reporting under the AICPA Service Organization Control reporting framework. (2) Documented policies and procedures are required for many areas within the Trust Services Principles. In short, achieving SOC 2 and SOC 3 compliance means having documented policies and procedures in place. That is a tall order for most service organizations – as writing policies is never high on anyone’s list – which is why the Global Information Security Compliance Packet (GISCP) set of operational, business-specific, and information security policies, procedures – and more – from Flat Iron Technologies, LLC is a must-have for SOC 2 and SOC 3 reporting.
Hundreds of Policies and Templates Available for SOC 2 and SOC 3 Compliance | Download
Regulatory compliance is a big and growing component for any organization today – it’s just a fact of life. Stop and think about the industry you’re in, and chances are that SOC compliance (SOC 1, SOC 2, and SOC 3) is a part of it. If not SOC reporting, then more than likely some other type of industry-specific requirement applies, which will ultimately mandate documented policies and procedures to be in place. And remember, when it comes to regulatory compliance, policies and procedures are always at the very top of the list for auditors to validate. No need to spend precious time developing them on your own – trust the experts at Flat Iron Technologies, LLC and the Global Information Security Compliance Packet (GISCP) set of operational, business-specific, and information security policies, procedures, and other supporting templates.