Mappings Relevant to the SOC Suite of Services

2017 Trust Services Criteria (TSC) Mappings to Various Frameworks

The 2017 TSC Mappings in the links below identify the relationship between the 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (includes March 2020 updates) (TSC) and the requirements in a specified framework. The purpose of these mappings is to enhance the understanding of an organization’s objectives (e.g., system requirements) related to a framework and its controls to provide reasonable assurance that those objectives are achieved. The specific requirements of a framework may be points of focus for the identified TSC. The tool may be used by service auditors to:

  1. Assess, in a SOC  examination, whether the TSC for a category are met when management uses the framework as a system requirement, and
  2. Evaluate whether the framework may be considered suitable criteria per AT-C section 105.25(ii) when such criteria are to be used to evaluate the subject matter in (a) a SOC  examination or (b) another attestation examination involving one or more of the TSC categories.