Trust Services are defined as a set of professional assurance and advisory services based on a common framework (that is, a core set of principles and criteria) to address the risks and opportunities of IT. Trust Services principles and criteria are issued by the Assurance Services Executive Committee of the AICPA.
The Trust Services Principles and Criteria provide guidance when offering assurance services, advisory services, or both on information technology (IT)-enabled systems including electronic commerce (ecommerce) systems. It is particularly relevant when providing services with respect to security, availability, processing integrity, privacy, and confidentiality.
Two specific assurance service offerings developed by the AICPA and CPA Canada, SysTrust and WebTrust, are based on the Trust Services Principles and Criteria. Practitioners now must be licensed by the CPA Canada to use these registered service marks.
|Getting Started with Trust Services
Trust Services helps protect the public interest and builds confidence among customers of e-commerce businesses that online businesses are addressing key concerns of their customers. Recent surveys show that independent verification is the most important way of instilling online trust in e-commerce. Concerns about e-commerce include security and privacy of personal information, whether orders will be properly fulfilled and billed, whether products are fresh or resold, and so forth.
CPAs are respected for their integrity, objectivity, and thoroughness. To become a Trust Services provider, the CPA firm must:
Be in good standing of the American Institute of Certified Public Accountants
Be majority owned by CPAs
Be part of a recognized quality control system
Sign a licensing agreement and remit an annual licensing fee to CPA Canada
Generally Accepted Privacy Principles in WebTrust Engagements
These frequently asked questions provide suggestions and clarifications on the application of GAPP in attestation engagements, with emphasis on those engagements in which the superseded Trust Services’ online privacy principle and criteria were used previously.
Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy
The criteria in TSP section 100 are effective for periods ending on or after December 15, 2014, with earlier implementation permitted. The privacy criteria are presented in appendix C, which includes a recent update with the addition of appendixes B and C in that appendix.
|WebTrust for Certification Authorities
This document provides a framework for licensed WebTrust® practitioners to assess the adequacy and effectiveness of the controls employed by certification authorities (CAs). The importance of this function will continue to increase as the need for third-party authentication to provide assurance with respect to electronic commerce (e-commerce) business activities increases.
Success in marketing and selling professional services such as Trust depends on knowing the market and service, planning, and hard work.
CPAs are already adept at selling compliance-related services such as audits and tax preparation. However, since the prospective client must first be convinced that Trust is beneficial, marketing and selling the service presents some unique challenges.
The first step in persuading a prospective Trust client is recognizing the challenges inherent in selling a professional service.
Visit the Marketing Trust Services page for additional information.