AICPA Trust Services Criteria (SOC 2)
Region: US
Focus: Organisational Management
Description
SOC, or System and Organisation Controls, is a set of frameworks developed by the American Institute of Certified Public Accountants (AICPA) to help organisations demonstrate that their systems and controls meet rigorous criteria for data security and operational integrity. SOC 1 focuses on internal controls relevant to financial reporting, SOC 2 emphasises trust services criteria such as security, availability, processing integrity, confidentiality, and privacy, while SOC 3 is a general-use version of SOC 2 that provides insights into compliance without disclosing sensitive details. These reports are widely adopted by service providers to build trust, showcase compliance, and assure stakeholders of their commitment to security and reliability.
Key Details
Developed by the American Institute of Certified Public Accountants (AICPA). Commonly used for SOC 2 audits to ensure systems meet trust services criteria. Covers areas such as risk management, data integrity, and system resilience. Recognised globally for its robust assurance methodologies.