Is your organization prepared for the upcoming changes to the SOC 2 reporting framework? All SOC 2 reports issued with a reporting period ending after December 15, 2018, must comply with the new Trust Services Criteria (also known as TSP 100) issued by the Assurance Services Executive Committee of the American Institute of Certified Public Accountants.
SOC 2 reports evaluate the effectiveness of controls over the security, availability, processing integrity, confidentiality, and privacy of information processed by systems at an entity, division, or operating unit level.
Revisions to the trust services criteria include an alignment of criterion with the Committee of Sponsoring Organization’s (“COSO”) Internal Control – Integrated Framework (“COSO Framework”) and add points of focus for each criterion. Additionally, TSP 100 includes disclosure requirements for any cybersecurity incidents, which may prevent the organization from meeting its service commitments and system requirements.