The Trust Services Principles (TSP) consist of criteria established jointly by the Canadian Institute of Chartered Accountants (CICA) and the American Institute of Certified Public Accountants (AICPA) for use by practitioners offering attest and assurance services relating to Security, Availability, Processing Integrity, Confidentiality, and Privacy, which are defined as follows:
- Security - The system is protected against unauthorized access (both physical and logical).
- Availability - The system is available for operation and use as committed or agreed.
- Processing integrity - System processing is complete, accurate, timely, and authorized.
- Confidentiality - Information designated as confidential is protected as committed or agreed.
- Privacy - Personal information is collected, used, retained, and disclosed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA/CICA. | Source: aicpa.org
Additionally, each of the five (5) TSP is organized into the following seven (7) broad areas (effective for reporting on or after December 15, 2014):
- Organization and management
- Risk management and implementation of controls
- Monitoring of controls
- Logical and physical access controls
- System operations, and
- Change management
Learn more about our signature product, the Global Information Security Compliance Packet (GISCP), the world's most complete security policy packet, containing over 2,850+ pages of in-depth information security policies, procedures, forms, checklists, templates, provisioning and hardening documents, and much more.
Learn more today about the GISCP by viewing sample policies, forms, hardening documents, and more.
Information Security Policies | A Large Part of SOC Compliance
The Trust Services Principles have become well-recognized because they’re a critical component of the AICPA Service Organization Control (SOC) reporting framework, specifically for SOC 2 and SOC 3 reporting. Yet most businesses spend huge operational and financial resources on SOC 2 and SOC 3 compliance for one notable reason: little to no policies and procedures. That’s right, successful SOC 2 and SOC 3 reporting is highly dependent upon service organizations having documented operational, business-specific, and information security policies and procedures in place.
Download Information Security Policies for SOC 1 | SOC 2 | SOC 3
Your solution is the Global Information Security Compliance Packet (GISCP) from Flat Iron Technologies, LLC, containing literally hundreds of policies, procedures, forms, checklists, templates, provisioning and hardening documents, and more. From much-needed information security forms to numerous operational and business-specific templates, the documentation offered by Flat Iron Technologies, LLC has it all.