SOC 3 SysTrust/WebTrust audit and assurance services, also known as the Trust Services, are a broad-based set of principles and criteria put forth jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). The need for Trust Services, such as SysTrust and WebTrust, have grown considerably in recent years, due in large part to the advent and growth of e-commerce and the overall e-business environment, which results in tremendous amounts of sensitive and confidential data traversing from entity to entity, often involving financial related information.
In short, we live in a digital world where information is transparent, readily available, and can be accessed anytime by almost anyone, anywhere. The need to protect e-commerce systems and other supporting I.T. systems and platforms is vitally important, now more than ever.
Service Organization Control (SOC) 3 reports are to be conducted in accordance with AT Section 101 and prepared using the AICPA and the Canadian Institute of Chartered Accountants (CICA) Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. Please not that because these are general use reports, SOC 3 Reports can be freely distributed and/or posted on a website via a seal.
The main provisions of the Trust Services Principles are as follows:
- Availability: That the system is available for operation and use as committed or agreed.
- Security: That the system is protected against unauthorized access, both physically and logically.