Trust Services Criteria
Skill packages tagged with “Trust Services Criteria”
SOC 2 Control Narrative Author
Guided elaboration of SOC 2 readiness documentation: control narratives aligned to AICPA Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy), control-objective mapping, and evidence placeholders for Type I/II audit.
SOC 2 Monitoring & Testing
Build an ongoing monitoring and testing program for SOC 2 audit readiness. Creates a control testing plan with method, frequency, and tester assignments; an evidence collection matrix mapping controls to TSC criteria; and an exception tracker with root cause analysis and remediation. Validates testing coverage, evidence strength, and exception management.
SOC 2 Organization Profile
Build and validate the organizational context profile for SOC 2 audit readiness. Captures principal service commitments, system requirements (SCSR), trust services categories, system boundaries, subservice organizations (carved-out/inclusive), and complementary user entity controls (CUECs). Boundary validator checks scope completeness; CUEC mapper validates controls are specific, actionable, and TSC-aligned.
SOC 2 Policy Generator
Generate Trust Services Criteria-aligned policy documents for SOC 2 audit readiness. Produces 8 core policies (Information Security, Access Control, Change Management, Incident Response, Risk Assessment, Vendor Management, Business Continuity, Data Classification) plus optional Privacy and Processing Integrity policies — each tailored to organizational context with TSC criteria mapping, named roles, and specific systems.
SOC 2 Risk Assessment
Conduct a structured risk assessment aligned to AICPA Trust Services Criteria. Identifies risks per TSC category using a 5x5 likelihood-impact matrix, maps risks to specific TSC criteria (CC/A/PI/C/P), identifies control gaps, validates residual risk scoring, and produces a risk register with treatment plan. Feeds into gap analysis, control narratives, and policy generation.
SOC 2 System Description & Management Assertion
Draft the SOC 2 system description narrative (Section III) and management assertion letter per AICPA Trust Services Criteria (TSP Section 100) and DC Section 200 description criteria. Covers system boundaries, components, SCSR, subservice organizations (carved-out and inclusive methods), CUECs, CSOCs, control environment mapped to CC1–CC9, and trust services scope validation.