About SOC3 (Systrust Webtrust) Report
Trust Services (including WebTrust and SysTrust) are audits that were specifically designed for companies looking for independent assurance related to Information Systems and e-Commerce activities. The Assurance Services Executive Committee of the AICPA has developed \ criteria to provide guidance over reporting on the security, availability, processing integrity, privacy, and confidentiality of systems.
Benefits of Complying with Trust Services
The world is rapidly evolving with new technologies and the dependence on secure and reliable information systems has never been more crucial than in today’s market. It has become increasingly important to gain the trust and confidence of your customers and business partners especially when they rely on your systems for the confidentiality and privacy of their data or the accuracy of transaction processing and the availability of systems required for transaction processing. Studies have found that 91% of consumers would buy more goods and services if the e-Commerce site’s practices are verified and 58% of these consumers are more willing to recommend the site to family and friends. Through the WebTrust and SysTrust services companies have the ability to establish their credibility and build confidence with important end users.
Customer who successfully complete a WebTrust and SysTrust attestation audit also have the option of marketing their systems or e-Commerce site with the internationally know WebTrust and SysTrust seals. Contact us today to start your assurance project.
Industries We Serve
- Application Service Providers (ASPs)
- Software as a Service (SaaS)
- Third Party Administrators
- Payroll Providers
- Professional Employer Organizations (PEOs)
- Collection Companies
- Data Center and Colocation Services
- Managed Service Provider
- ACH Processors
- Health Care
- Financial Services
Trust Services Principles
The following principles and related criteria have been developed by the AICPA and the Canadian Institute of Chartered Accountants (CICA) and are the foundation of the Trust Services Framework:
- Security: The system is protected against unauthorized access (both physical and logical).
- Availability: The system is available for operation and use as committed or agreed.
- Processing integrity: System processing is complete, accurate, timely, and authorized.
- Confidentiality: Information designated as confidential is protected as committed or agreed.
- Privacy: Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.
The trust services principle and the criteria is evaluated in the following categories of security, availability, processing integrity, and confidentiality are organized in four broad areas, across all principles:
- (Policies): The entity has defined and documented its policies relevant to the particular principle.
- (Communications): The entity has communicated its defined policies to responsible parties and authorized users of the system.
- (Procedures): The entity placed in operation procedures to achieve its objectives in accordance with its defined policies.
- (Monitoring): The entity monitors the system and takes action to maintain compliance with its defined policies.
The below chart illustrates how the Principle and Criteria is evaluated:
AICPA / CICA Trust Services Principles, Criteria and Evaluation Matrix
|Security||The system is protected against unauthorized access (both physical and logical).||A, B, C & D|
|Availability||The system is available for operation and use as committed or agreed.||A, B, C & D|
|Processing Integrity||System processing is complete, accurate, timely, and authorized.||A, B, C & D|
|Confidentiality||Information designated as confidential is protected as committed or agreed.||A, B, C & D|
|Privacy||Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA.||A, B, C & D|