The SOC 2 Security Principle is one of the five (5) Trust Services Principles (TSP) that are utilized when conducting SOC 2 assessments on today’s growing list of technology driven service organizations. It’s also become the most widely known of all the TSP’s, as it provides a solid baseline when assessing companies for SOC 2 compliance. As for the TSP’s themselves, look upon them as a set of broad based provisions consisting of prescriptive criteria for a large number of information security and operational best practices. Learn more about NDB's complimentary SOC 1 Policy Packets and SOC 2 Policy Packets. They truly make a big difference in helping service organizations save thousands of dollars on SOC compliance.
Specifically, the five (5) Trust Services Principles (TSP) are the following:
- The security of a service organization's system.
- The availability of a service organization's system.
- The processing integrity of a service organization's system.
- The confidentiality of the information that the service organization's system processes or maintains for user entities.
- The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.
As for the “Security” TSP, it requires service organizations to have in place highly formalized and documented policies, procedures, and processes. More specifically, it means having documentation stating the policies, and then actually having personnel undertaking the stated procedures. Ultimately, this mandates that service organizations put in place a large number of information security and operational policies, procedures, and other supporting documentation. And this is also where companies struggle immensely, as they generally have little to no policy material in place. A good place to start would be myinformationsecuritypolicy.com, which offers high-quality security templates at an extremely reasonable fee. Additionally, NDB also offers comprehensive security policy documents when you engage with us to perform your SOC 2 assessments.
In regards to the specifics of the “Security” TSP, the essential “criteria”, for which all service organizations would be assessed against, consist of the following:
- Policies: The entity defines and documents its policies for the security of the system.
- Communications: The entity communicates its defined system security policies to responsible parties and authorized users.
- Procedures: The entity placed in operation procedures to achieve its documented system security objectives in accordance with its defined policies.
- Monitoring: The entity monitors the system and takes action to maintain compliance with its defined system security policies.
To learn more about the SOC 2 Security principle, contact Christopher. G. Nickell, CPA, at 1-800-277-5415, ext. 706 or via email at firstname.lastname@example.org. NDB offers competitively priced, fixed fee assessments for SOC 1, SOC 2, and SOC 3 reporting, and are also the recognized leader in North America for such services. Additionally, NDB also provides comprehensive PCI DSS assessments, along with HIPAA consulting services, and more.