Assurance and Advisory Services

    Trust Services and Information Integrity 

    The ASEC Trust Information Integrity Task Force is focused on updating and maintaining the Trust Services Principles and Criteria (TSPC) and creating a framework of principles and criteria to provide assurance on the integrity of information.

    Trust Services are a set of professional attestation and advisory services based on a core set of principles and criteria that address the risks and opportunities of IT-enabled systems and privacy programs. The following principles and related criteria are used by practitioners in the performance of Trust Services engagements:

    • Security. The system is protected against unauthorized access.
    • Availability. The system is available for operation and use as committed or agreed.
    • Processing integrity. System processing is complete, valid, accurate, timely, and authorized.
    • Confidentiality. Information designated as confidential is protected as committed or agreed.
    • Privacy. Personal information is collected, used, retained, disclosed  and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in Generally Accepted Privacy Principles issued by the AICPA and CICA.

    The TSPC of security, availability and processing integrity are used to evaluate whether a system is reliable. The TSPC can be found in the AICPA Technical Practice Aids Volume 1.

    The Task Force has developed the SOC 2 Guide, Reporting on Controls at a Service Organization Relevant to the Security, Availability Processing Integrity, Confidentiality or Privacy of User Entities Information- An Application of the Trust Services Principles and Criteria.  Learn more about Service Organization Control (SOC) reporting.

    In conjunction with the with the Canadian Institute of Chartered Accountants the task force recently issued  a white paper on Information Integrity.  The purpose of the paper is to define what information integrity means and provide context for it for users and preparers of information and providers of assurance on such information.  The white paper focuses on what it means for information to have integrity and how information integrity can be achieved and maintained.

    Technical Practice Aids

    Contains all outstanding AICPA Statements of Position, Practice Bulletins and Practice Alerts.

    Open Hide documents in this section

    Page  1 2 3 4
    Showing results 1 - 15 of 49
    Order by:

    Assurance and Advisory

    Overview Find information and resources to keep abreast of new and emerging reporting and assurance needs and help you embrace new service opportunities.
    Published on June 15, 2015

    Proposed Revision of Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidenti...

    Exposure Draft Issued June 15, 2015, the exposure draft will amend TSP section 100, and supersede Appendix D, “Generally Accepted Privacy Principles,” of TSP Section 100A. The comment period ends on August 15, 2015.
    Published on June 15, 2015

    Service Organization Control (SOC) Reports

    Overview Service Organization Control  Reports® are internal control reports on the services provided by a service organization. SOC reports provide valuable information users need to assess and address the risks associated with an outsourced service. The AICPA provides tools and resources to CPAs, service organizations and user entities needed to build
    Published on June 04, 2015

    Service Organization Controls (SOC) Reports for Service Organizations

    Overview Service Organization Controls (SOC) reports are designed to help service organizations, organizations that operate information systems and provide information system services to other entities, build trust and confidence in their service delivery processes and controls through a report by an independent Certified Public Accountant.  Each type of SOC report is designed to help
    Published on May 22, 2015

    Information for Management of a Service Organization

    Guide Adapted from the SOC 2 Guide, Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy this document is to assist management of a service organization in preparing its description of the service organization’s system, which serves as the basis for a SOC 2
    Published on May 20, 2015

    Users and User Entities

    Article Many companies function more efficiently and profitably by outsourcing tasks or entire functions to service organizations that have the personnel, expertise, equipment, or technology to accomplish these tasks or functions. Examples of  such servic
    Published on April 06, 2015

    Assurance Services Executive Committee

    Article The ASEC's mission is to assure the quality, relevance, and usefulness of information or its context for decision makers and other users by identifying and prioritizing emerging trends and market needs for assurance, and developing related assurance methodology guidance and tools as needed.
    Published on March 03, 2015

    Audit Data Standard Working Group

    Article ASEC’s Emerging Assurance Technologies Task Force established the Audit Data Standard working group. The first three Audit Data Standards have been released: base standard, general ledger standard, and accounts receivable subledger standard.
    Published on March 03, 2015

    Whitepaper - How to Design a Credible Verification Program

    White Paper This white paper is intended to assist organizations such as government agencies and legislative bodies, business organizations, not-for-profit organizations, and associations that are considering establishing and designing a third-party verification program.
    Published on February 26, 2015

    AICPA Service Organization Control Reports Logos

    Article SOC 1, SOC 2 and SOC 3 and the associated logos are trademarks, service marks and certification marks of the American Institute of Certified Public Accountants (AICPA), which reserves all rights. AICPA has
    Published on December 19, 2014

    SOC Reports Information for CPAs

    Overview The AICPA has introduced SERVICE ORGANIZATION CONTROL REPORTS® and identified 3 different engagements (SOC 1, SOC 2 and SOC 3) that involve reporting on controls at a service organization.
    Published on December 19, 2014

    SOC 2

    Article A collection of reports to help users understand controls at service organizations as it relates to security, availability, processing integrity, confidentiality and privacy.
    Published on December 19, 2014

    SOC 3

    Article Trust Services Report for Service Organizations SOC 3® reports are designed to meet the needs of uses who want assurance on the controls at a service organization related to security, availability, processing integrity, confidentiality, or priv
    Published on December 19, 2014

    Service Organization Control Reports Flyer

    Brochure Which SOC report is right for your client? This flyer explains the three types of SOC reports and gives insights into the users who rely on each type of report.
    Published on December 19, 2014

    SOC Reports(SM) Powerpoint

    Presentation The AICPA developed resources to help CPAs explain the new series of SOC reports to current and potential clients, and for firms to market their services to them. Use this PowerPoint which includes speaker notes to conduct presentations on the new SOC reports.
    Published on December 19, 2014

    Page  1 2 3 4
    Showing results 1 – 15 of 49
    Show Results per page
    Copyright © 2006-2015 American Institute of CPAs.