Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

Blogs

Events

Glossary

Guides and reports

What are the SOC Trust Services Criteria?

‍

The Trust Services Criteria (formerly Trust Services Principles) are control criteria utilized to evaluate and report on the suitability of the design and operating effectiveness of controls relevant to the Security, Availability, Processing Integrity, Confidentiality, or Privacy of an organization’s information and systems. The Trust Services Criteria are established by the Assurance Services Executive Committee (ASEC) of the American Institute of Certified Public Accountants (AICPA).

‍

The five Trust Services Criteria comprise the evaluation structure of a SOC 2 audit and report. All SOC 2 reports include the Security category; the other four categories are optional and a company may include them according to its customers’ needs and its unique business model.

‍

The Trust Services Criteria represent the framework by which organizations are evaluated for SOC 2 compliance. Of the five criteria, the Security category is required to obtain a SOC 2 audit, and many early-stage startups may choose to start the SOC 2 process with an evaluation of the Security category only.

‍

Related Terms

Additional resources you might like:

GRC

Events

Scaling Governance, Risk, and Compliance with Trust

Join ShipBob’s Heidi Pili and CMG’s Josh Wasserman for an interactive session on scaling your GRC program, with insights on key trends, Vanta use cases, and effective communication strategies.

SOC 2

Events

Product Demo: Automating Compliance for SOC 2, ISO 27001, HIPAA, and More

Learn how Vanta’s automation tools can help you streamline compliance, continuously monitor security controls, and scale your risk management program with ease.

Compliance

Events

Navigating AI and Compliance in Healthcare: Panel Discussion

Join experts from Vanta, Modern Health, and US Med-Equip as they discuss navigating AI risk management, staying compliant with evolving regulations, and scaling data security in healthcare.

ISO 42001

Blog

4 lessons learned during our ISO 42001 audit

Key takeaways from our ISO 42001 audit—and tips to help other companies navigate the process with ease.

Compliance

Events

Product Demo: Simplify ISO 27001 and SOC 2 compliance with Vanta

See how Vanta simplifies security and streamlines compliance across 35+ frameworks—live on May 6.

Security

Events

From Insights to Action: Measuring and Advancing Security Maturity

Discover how Vanta’s customizable reporting and dashboarding can help you assess and improve security maturity with real-time insights, better risk visibility, and data-driven decision-making.

Company news

Events

Zero to success: What we got wrong before we got it right

Join experienced founders as they share key lessons on overcoming early startup challenges and driving growth.

SOC 2

Events

Live Demo: Automating Compliance for SOC 2, ISO 27001, and More

Discover how automation can transform your compliance efforts into a streamlined, efficient process. Join the live demo to see it in action and get your compliance questions answered.

Compliance

Events

Demystifying the EU AI Act

Discover how Vanta can streamline your journey through this new regulatory landscape, ensuring your AI operations are secure and future-ready.

Follow us

What are the SOC Trust Services Criteria?

Related Terms

Additional resources you might like:

Additional resources you might like:

Get compliant and build trust—fast