By Murty Nisthala, CISA, CISSP, CCSP. Reviewed by Girija Togarati, ISO 27001 Lead Auditor.

SOC 2 evaluates your controls against the AICPA Trust Services Criteria. There are five criteria, and you choose which apply to your service.

The five criteria

Security is mandatory and protects systems against unauthorised access. Availability covers uptime and resilience. Processing integrity ensures accurate, complete processing. Confidentiality protects sensitive information. Privacy governs personal information.

Which criteria to include

Every SOC 2 includes Security. You add Availability, Processing Integrity, Confidentiality or Privacy based on what your clients care about and what your service promises.

Scope it right

Including the right criteria keeps the audit focused and the report meaningful. Univate scopes the criteria during a free readiness assessment.

Univate Solutions delivers SOC 2 Certification in India end to end. Book a free consultation and get a fixed quote.