Can An Organization Keep Using The Old TSPs?

July 13, 2015

My company completes SOC 2 audits annually, and have for the last several years based on the old trust criteria. Our processes and our customer prefer the old criteria. Can we continue to have the audits under the old criteria?

 In order to complete another SOC 2 examination and receive a SOC 2 report this year, the report will need to include the new Trust Services Principles (TSP) criteria. However, an AT 101 examination is a potential alternative report. The AT 101 examination is an attestation against any criteria, which could be the old TSPs in this case. The AT 101 examination could also be a Type 1 or a Type 2 examination.

Previous Article
P2PE Version 2.0 Released
P2PE Version 2.0 Released

Just before the July 4th weekend in the US, the PCI SSC released version 2.0 of the PCI Point-to-Point Encr...

Next Article
FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements
FedRAMP and PCI – A Comparison of Scanning and Penetration Testing Requirements

 Overview In the last 30 days, the FedRAMP Program Management Office (PMO) has published guidance for both ...