QRC Assurance And Solutions Pvt. Ltd.

What is Trust Services Criteria's Common Criteria?

What is Trust Services Criteria's Common Criteria?

The Trust Services Criteria (TSC) harmonizes with the 17 principles outlined in the COSO framework, a comprehensive internal control framework applied at both entity-wide and segment levels enabling TSC’s seamless application in organization-wide assessments for reporting. Depending on which category or categories are included within the scope of the examination, the applicable trust services criteria consist of : 

  1. Criteria common to all five of the trust service categories (common criteria)
  2. Additional specific criteria for the availability, processing integrity, confidentiality, and privacy categories.

Common Criteria :  The "common criteria" refer to a set of standardized criteria or guidelines used to assess controls within the framework of SOC 2 compliance. They are employed to evaluate controls focusing on the Trust Services Criteria.

The service organization designs, implements, and operates controls at an entity level to support the achievement of its service commitments and system requirements based on the common criteria. This is particularly true for controls that address the control environment criteria. Criteria’s applicable to specific categories are also labeled under Availability (A series), Processing integrity (PI series), Confidentiality (C series), Privacy (P series).

Trust Services Category

Common
Criteria

Additional Category
Specific Criteria

Security

X

 

Availability

X

X

Processing integrity

X

X

Confidentiality

X

X

Privacy

X

X

  The common criteria presented are organized into the following classifications:

  • Control environment (CC1 series)
  • Communication and information (CC2 series)
  • Risk assessment (CC3 series)
  • Monitoring activities (CC4 series)
  • Control activities (CC5 series) 
Control activities are further broken out into the following sub-classifications: Logical and Physical access controls (CC6 series), System Operations (CC7 series), Change Management (CC8 series), and Risk Mitigation (CC 9 series).

Top Featured Posts
Related Blogs

Copyright 2024 @ QRC Assessments Services Pvt. Ltd. | All Rights Reserved.

LinkedIn Youtube

We use cookies to enhance your user experience. By continuing to browse, you hereby agree to the use of cookies. Know more Privacy Policy & Cookies Policy.

X