The ASEC Trust Information Integrity Task Force is focused on updating and maintaining the Trust Services Principles and Criteria (TSPC) and creating a framework of principles and criteria to provide assurance on the integrity of information.
Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs. The following principles and related criteria are used by practitioners in the performance of Trust Services engagements:
- Security. The system is protected against unauthorized access, use, or modification to meet the entity’s commitments and system requirements.
- Availability. The system is available for operation and use to meet the entity’s commitments and system requirements.
- Processing integrity. System processing is complete, valid, accurate, timely, and authorized to meet the entity’s commitments and system requirements.
- Confidentiality. Information designated as confidential is protected to meet the entity’s commitments and system requirements.
- Privacy. Personal information is collected, used, retained, disclosed and disposed to meet the entity’s commitments and system requirements.
The TSPC of security, availability and processing integrity are used to evaluate whether a system is reliable. The TSPC can be found in the publication Trust Services Principles and Criteria.
The Task Force has developed the SOC 2® Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2®). Learn more about Service Organization Control (SOC) reporting.
In conjunction with the with the Canadian Institute of Chartered Accountants the task force recently issued a white paper on Information Integrity. The purpose of the paper is to define what information integrity means and provide context for it for users and preparers of information and providers of assurance on such information. The white paper focuses on what it means for information to have integrity and how information integrity can be achieved and maintained.
Trust Services Principles and Criteria Mapping
The task force has developed mappings of the Trust Services Principles and Criteria to various frameworks to assist practitioners utilizing the SOC 2® reporting framework to report on additional subject matter.