Trust Service Criteria (TSC)
Definition
The five criteria used to evaluate controls in a SOC 2 engagement: Security, Availability, Processing Integrity, Confidentiality, and Privacy. The criteria are defined in the AICPA's 2017 Trust Services Criteria publication and updated periodically.
Related terms
- Complementary User Entity Controls (CUECs)
  - Controls that the service organisation's system design assumes the user entity will implement. Listed in the SOC 2 report. If the user...
- SOC 1 (SSAE 18)
  - A report on controls at a service organisation that are relevant to user entities' financial statements. Governed by Statement on Standards for...
- SOC 2
  - A report on controls relevant to the AICPA's Trust Service Criteria. Produced under the AT-C 205 attestation standard. Covers Security (mandatory) plus...
- Type I report
  - An attestation report that provides an auditor's opinion on whether controls are suitably designed to meet the stated control objectives, assessed at...
- Type II report
  - An attestation report that provides an auditor's opinion on both the suitability of design and the operating effectiveness of controls over a...
Explained in
- SOC Reports and Third-Party Assurance