1.866.669.6561

check

SysTrust / WebTrust (SOC 3)

Trust Services (including WebTrust and SysTrust) are audits that were specifically designed for companies looking for independent assurance related to Information Systems and e-Commerce activities.   The Assurance Services Executive Committee of the AICPA has developed a specific set of principles and criteria to provide guidance over reporting on the security, availability, processing integrity, privacy, and confidentiality of systems.

Benefits of Complying with Trust Services

The world is rapidly evolving with new technologies and the dependence on secure and reliable information systems has never been more crucial than in today’s market.  It has become increasingly important to gain the trust and confidence of your customers and business partners especially when they rely on your systems for the confidentiality and privacy of their data or the accuracy of transaction processing and the availability of systems required for transaction processing.  Studies have found that 91% of consumers would buy more goods and services if the e-Commerce site’s practices are verified and 58% of these consumers are more willing to recommend the site to family and friends.  Through the WebTrust and SysTrust services companies have the ability to establish their credibility and build confidence with important end users.

Customer who successfully complete a WebTrust and SysTrust attestation audit also have the option of marketing their systems or e-Commerce site with the internationally know WebTrust and SysTrust seals.  Contact us today to start your assurance project.

Industries We Serve

  • Application Service Providers (ASPs)
  • Software as a Service (SaaS)
  • Third Party Administrators
  • Payroll Providers
  • Professional Employer Organizations (PEOs)
  • Collection Companies
  • Data Center and Colocation Services
  • Managed Service Provider
  • ACH Processors
  • Health Care
  • Financial Services

Trust Services Principles

The following principles and related criteria have been developed by the AICPA and the Canadian Institute of Chartered Accountants (CICA) and are the foundation of the Trust Services Framework:

  1. Security:  The system is protected against unauthorized access (both physical and logical).
  2. Availability:  The system is available for operation and use as committed or agreed.
  3. Processing integrity:  System processing is complete, accurate, timely, and authorized.
  4. Confidentiality:  Information designated as confidential is protected as committed or agreed.
  5. Privacy:  Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA. 

Evaluation Categories

The trust services principle and the criteria is evaluated in the following categories of security, availability, processing integrity, and confidentiality are organized in four broad areas:

A  (Policies):  The entity has defined and documented its policies relevant to the particular principle.

B  (Communications):  The entity has communicated its defined policies to responsible parties and authorized users of the system.

C  (Procedures):  The entity placed in operation procedures to achieve its objectives in accordance with its defined policies.

D:  (Monitoring):  The entity monitors the system and takes action to maintain compliance with its defined policies.

The below chart illustrates have the Principle and Criteria is evaluated:

AICPA / CICA Trust Services Priciples, Criteria and Evaluation
Principles Criteria Evaluation Categories
Security The system is protected against unauthorized access (both physical and logical). A, B, C & D
Availability The system is available for operation and use as committed or agreed. A, B, C & D
Processing Integrity System processing is complete, accurate, timely, and authorized. A, B, C & D
Confidentiality Information designated as confidential is protected as committed or agreed. A, B, C & D
Privacy Personal information is collected, used, retained, disclosed, and destroyed in conformity with the commitments in the entity’s privacy notice and with criteria set forth in generally accepted privacy principles issued by the AICPA and CICA. A, B, C & D

Skoda Minotti Risk Advisory Services

Our concept is to bridge the gap for our clients from wanting to comply to becoming compliant.  We understand the pressures of competition and the demands of your customers requesting a Trust Services audit report.  Skoda Minotti Risk Advisory Services is the solution, each of our audits are customized and designed to assist your company in a seamless process from the time we initiate the audit to finalizing your Trust Services audit report.  All of our auditors have a depth of knowledge in a variety of industries and we have a good understanding of your business and how this relates to a Trust Services audit.  We treat each Trust Services audit with a unique approach to ensure we fulfill your needs.  Skoda Minotti Risk Advisory Services possesses the necessary industry related experience and Information Technology expertise to deliver quality audits.

Also a large majority of audits completed are technical in nature and that is why Skoda Minotti Risk Advisory Services will have auditors on site with certifications such as CISSP and CISA in addition to CPAs completing your company’s audit.  Call us today and find out how we can make your Trust Services audit a Successful one.

 

Assurance Concepts is now Skoda Minotti Risk Advisory Services. Click here to visit this page on our new website: SysTrust WebTrust (SOC 3 Reporting).

More Information