ASEC Issues Exposure Draft to Revise TSP Section 100, Trust Services Principles and Criteria for SOC 2 Reports

On June 15, the Assurance Services Executive Committee (ASEC) of the American Institute of CPAs (AICPA) issued an exposure draft proposing revisions to TSP section 100, Trust Services Principles and Criteria (TSPC) for Security, Availability, Processing Integrity, Confidentiality and Privacy for Service Organization Control (SOC) 2 reports.  These revisions are part of a continual effort from the ASEC to update the TSPC and keep them relevant in the changing technology and business environment.  The proposed effective date for the revised TSPC is for periods ending on or after March 15, 2016 with early implementation permitted.

The most significant proposed change is the creation of a new set of privacy criteria. The current privacy criteria, which follow the “Generally Accepted Privacy Principles (GAPP),” will be superseded by the new set of privacy criteria. The new set of privacy criteria will be made up of the set of common criteria and the additional criteria for the privacy principle. Previously, there was no relationship between the common criteria and GAPP. In addition, the “Illustrative Risks and Controls” section of TSP section 100 will be revised to include illustrative risks and additional illustrative controls related to the new set of privacy criteria.

Proposed Changes to TSP Section 100, Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy for Service Organization Control (SOC) 2 Reports:

  • Clarification of criteria CC3.1 and CC3.3 to include potential threats that arise from the use of third parties;
  • Two additional criteria for Confidentiality, C1.7 and C1.8, to address retention and disposal of confidential information;
  • Minor revisions to the wording of existing criteria to provide clarity;
  • Revisions of explanatory paragraphs of TSP section 100 to provide clarity.

Practitioners and service organizations are encouraged to review the proposed changes and to provide comments by August 15, 2015. 

Please contact our SOC experts in Pittsburgh, PA or Columbus, OH to find out how the proposed revisions to TSP section 100 will affect your organization and your SOC 2 report and visit our SOC page for more information on SOC reports and how they can help your organization.


© 2020 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.
