Glossary
Trust Services Criteria
Also: TSC, SOC 2 criteria
The Trust Services Criteria are the set of criteria a SOC 2 examination is judged against, defined by the AICPA. They cover security (the common criteria, CC) and, optionally, availability, processing integrity, confidentiality, and privacy.
Most of the criteria are about process and evidence; the ones decided in code cluster in the CC6 common-criteria family for logical access.
In code
The code-facing criteria include CC6.1 (logical access), CC6.7 (protecting data in transit), CC7.2 (monitoring), and CC8.1 (change management). Each can be weakened by an ordinary pull request.