SOC for Service Organizations: Trust Services Criteria (Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality, or Privacy)
These reports address controls relevant to security, availability, and processing integrity of the systems the service organization uses to process users’ data and the confidentiality and privacy of the information these systems process. They provide a level of detail sufficient to address the user’s vendor risk management needs and are restricted to specified parties with sufficient knowledge and understanding of the service organization’s system and the nature of services it provides.