SOC 3 SysTrust WebTrust Reporting Services

SOC 3 reports are based on the SysTrust | WebTrust assurance and advisory services, more commonly known as the Trust Services.  Within this established SysTrust | WebTrust framework, which was developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA), there are the five (5) principles: (1). Security. (2) Availability. (3). Processing Integrity. (4). Confidentiality. (5). Privacy.

SOC 3 Reporting

SOC 3 reports are a very important component of reporting on controls at service organizations, with many technology entities now moving forward with SOC 3 compliance.  The five (5) Trust Services Principles (TSP) that are used for reporting on SOC 3 allow service organizations to demonstrate a high degree of confidence to stakeholders regarding the risks inherent to their environments, as well as the controls in place to address those risks.  SOC 3 reporting, because of its rather large scope (you can include all 5 TSP) and its applicability to many technology and cloud-computing businesses, will continue to evolve as a viable reporting option when SOC 1 (or even SOC 2) is not conducive.  Please contact NDB Accountants at 1-800-277-5415, ext. 706 to speak with Christopher G. Nickell, or email him at This email address is being protected from spambots. You need JavaScript enabled to view it. .

WebTrust

Please note that the actual WebTrust assurance platform is designed for businesses with e-commerce systems, as this allows a licensed practitioner to report on an organization's framework and supporting controls regarding online privacy (i.e., the "Privacy" TSP), consumer protection (i.e., the "Processing Integrity" TSP), and other essential principles within the TSP.  Thus, a WebTrust Certification (or seal) is provided to an organization who successfully adheres to the WebTrust assurance services, for which interested parties can view the seal, along with clicking the link embedded from the AICPA within the seal to view the supporting audit report.

SysTrust

SysTrust, on the other hand is more broad-based, and provides a platform suitable for reporting on a wide variety of I.T. systems within an organization.  Specifically, SysTrust assurance services are designed to cover the following subject areas:

1. SysTrust Security
2. SysTrust Processing Integrity
3. SysTrust Availability
4. SysTrust Confidentiality
5. SysTrust System Reliability: Combines the SysTrust Security, Processing Integrity and Availability engagements
6. Generic SysTrust Seal: Spans one or more combinations of any SysTrust engagements listed above

Additionally, there seems to be some confusion as to the "seals" that can be obtained for WebTrust and SysTrust, thus consider the following as helpful guidance on this matter:

Engagement Type

IT Systems

e-commerce Systems

Security

SysTrust

WebTrust

Privacy

-

WebTrust

Processing Integrity

SysTrust

WebTrust

Availability

SysTrust

WebTrust

Confidentiality

SysTrust

WebTrust

Certification Authorities

-

WebTrust

Consumer Protection

-

WebTrust

System Reliability

SysTrust

-

Other Engagement Combinations

SysTrust

WebTrust

You can learn more by visiting http://www.webtrust.org/find-a-seal/item64418.aspx.

SOC 3 Resource Guide

NDB has also developed the official SSAE 16 Resource Guide, a site dedicated to all facets of Service Organization Control (SOC) reporting – SOC 1, SOC 2, and SOC 3.  To learn more about our services, please contact us today. As such, the following notable topics regarding SOC 3 are discussed:

SOC 3 Reports and the Trust Services Principles (TSP)
SOC 1, SOC 2 and SOC 3 Overview
AT Section 101

 

 

From I.T.consultants to seasoned regulatory compliance auditors, our firm's wide expertise is diverse, cross-functional, and highly experienced in all our service lines.

From I.T.consultants to seasoned regulatory compliance auditors, our firm's wide expertise is diverse, cross-functional, and highly experienced in all our service lines.