In August 2017, the American Institute for Certified Public Accountants (AICPA) issued updated Trust Services Criteria (TSC) for security, availability, processing integrity, confidentiality and privacy. The TSC is a set of control criteria used to evaluate and report on controls as part of SOC 2 examinations, as well as the recently introduced SOC for Cybersecurity.
The updated TSC will be required for SOC reports for periods ending on or after Dec. 15, 2018. The previous version of the TSC (issued March 2016) may be used during the transition period.
Use this guide's key steps to better understand and prepare for the new criteria requirements.
For more information on this topic, or to learn how Baker Tilly SOC reporting specialists can help, contact our team.