Service Organization Control 3: Trust Services Principles & Criteria
SOC 3 for Trust Services Principles & Criteria is an approach for service organizations to apply, and report on, operational and/or compliance controls that may affect users of their service.

A SOC 3 report demonstrates an independent auditor's review of a service organization's application of criteria related to one or more of the Trust Services Principles, which are:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information (i.e., information that is about or can be related to an identifiable individual) is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity's privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and CICA.
Under a SOC 3 report, management asserts that, during the period covered by the report and based on the AICPA Trust Services criteria, it maintained effective controls over the system under examination to satisfy the stated trust services principle(s) and criteria. Compared to a SOC 2 report, the SOC 3 assertion and system description are more general purpose. A SOC 2 report is likely to be a Restricted Use report, whereas a SOC 3 report is an Unrestricted Use report, meaning it can be freely used for marketing purposes.
For more information, contact Dan Schroeder.