The Trust Service Principles (TSP) are the five criteria established by the American Institute of Certified Public Accountants (AICPA) that form the foundation of SOC 2 reports: Security, Availability, Processing Integrity, Confidentiality and Privacy. Security (also known as the Common Criteria) is mandatory for every SOC 2 engagement, whilst the remaining four principles are selected based on the nature of the services provided. Each principle defines specific control objectives that organisations must meet to demonstrate trustworthy operations.
For organisations seeking SOC 2 certification, understanding which Trust Service Principles apply to their services is a critical first step. The principles provide a clear and auditable framework for demonstrating to customers and stakeholders that appropriate controls are in place. Aligning internal controls with the TSP criteria also streamlines audit preparation and can reduce the time and cost of achieving certification.