The ASEC Trust Information Integrity Task Force is focused on updating and maintaining the Trust Services Principles and Criteria (TSPC) and creating a framework of principles and criteria to provide assurance on the integrity of information.
Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs. The following principles and related criteria are used by practitioners in the performance of Trust Services engagements:
- Security. The system is protected against unauthorized access.
- Availability. The system is available for operation and use as committed or agreed.
- Processing integrity. System processing is complete, valid, accurate, timely, and authorized.
- Confidentiality. Information designated as confidential is protected as committed or agreed.
- Privacy. Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA.
The TSPC of security, availability and processing integrity are used to evaluate whether a system is reliable. The TSPC can be found in the publication Trust Services Principles, Criteria and Illustrations.
The Task Force has developed the SOC 2SM Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy (SOC 2SM). Learn more about Service Organization Control (SOC) reporting.
In conjunction with the with the Canadian Institute of Chartered Accountants the task force recently issued a white paper on Information Integrity. The purpose of the paper is to define what information integrity means and provide context for it for users and preparers of information and providers of assurance on such information. The white paper focuses on what it means for information to have integrity and how information integrity can be achieved and maintained.
Trust Services Principles and Criteria Mapping
The task force has developed mappings of the Trust Services Principles and Criteria to various frameworks to assist practitioners utilizing the SOC 2SM reporting framework to report on additional subject matter.