SOC 2 Trust Services
AICPA TSC SOC 2 Security + 4 optional criteria.
Definition
SOC 2 TSC structure: Common Criteria CC1 Control Environment, CC2 Communication, CC3 Risk Assessment, CC4 Monitoring, CC5 Control Activities, CC6 Logical/Physical Access, CC7 System Operations, CC8 Change Management, CC9 Risk Mitigation. Additional criteria: Availability A, Processing Integrity PI, Confidentiality C, Privacy P. Audit by CPA firms (Deloitte, EY, PwC, KPMG, Grant Thornton, A-LIGN, Schellman).
Origin
AICPA, first framework 2010, TSC revision 2017, update 2022.
Usage
Quasi-mandatory for any B2B SaaS selling to US enterprise. Competes with ISO 27001 (international, but more formal).