SOC 3 reports are a very important component of reporting on controls at service organizations, with many technology entities now moving forward with SOC 3 compliance. The five (5) Trust Services Criteria (TSC) that are used for reporting on SOC 3 allow service organizations to demonstrate a high degree of confidence to stakeholders regarding the risks inherent to their environments, as well as the controls in place to address those risks.
Please note that the actual WebTrust assurance platform is designed for businesses with e-commerce systems, as this allows a licensed practitioner to report on an organization's framework and supporting controls regarding online privacy (i.e., the "Privacy" TSP), consumer protection (i.e., the "Processing Integrity" TSP), and other essential principles within the TSP.
Thus, a WebTrust Certification (or seal) is provided to an organization who successfully adheres to the WebTrust assurance services, for which interested parties can view the seal, along with clicking the link embedded from the AICPA within the seal to view the supporting audit report.
SysTrust, on the other hand is more broad-based, and provides a platform suitable for reporting on a wide variety of I.T. systems within an organization. Specifically, SysTrust assurance services are designed to cover the following subject areas:
- SysTrust Security
- SysTrust Processing Integrity
- SysTrust Availability
- SysTrust Confidentiality
- SysTrust System Reliability: Combines the SysTrust Security, Processing Integrity and Availability engagements
- Generic SysTrust Seal: Spans one or more combinations of any SysTrust engagements listed above