2017 Trust Services Criteria (TSC) Mappings to Various Frameworks
The 2017 TSC Mappings in the links below identify the relationship between the 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (includes March 2020 updates) (TSC) and the requirements in a specified framework. The purpose of these mappings is to enhance the understanding of an organization’s objectives (e.g., system requirements) related to a framework and its controls to provide reasonable assurance that those objectives are achieved. The specific requirements of a framework may be points of focus for the identified TSC. The tool may be used by service auditors to:
- Assess, in a SOC examination, whether the TSC for a category are met when management uses the framework as a system requirement, and
- Evaluate whether the framework may be considered suitable criteria per AT-C section 105.25(ii) when such criteria are to be used to evaluate the subject matter in (a) a SOC examination or (b) another attestation examination involving one or more of the TSC categories.