It’s also important that Canadian companies have a strong understanding of SOC 2 compliance, which means learning about the five (5) Trust Services Principles (TSP). More specifically, the TSPs are criteria-based provisions that consist of the following:
- The security of a service organization's system.
- The availability of a service organization's system.
- The processing integrity of a service organization's system.
- The confidentiality of the information that the service organization's system processes or maintains for user entities.
- The privacy of personal information that the service organization collects, uses, retains, discloses, and disposes of for user entities.
Moreover, included within the TSPs are the following 7 areas:
- Organization and management
- Risk management and implementation of controls
- Monitoring of controls
- Logical and physical access controls
- System operations, and
- Change management