Trust Services

TRUST SERVICES PRINCIPLES AND CRITERIA, and ILLUSTRATIONS

AICPA

The Assurance Services Executive Committee has approved the Trust Services Principles, Criteria and Illustrations which supersedes the 2006 version of the suitable Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. These principles and Criteria are effective for engagements beginning on or after September 15, 2009. Comments or questions regarding these Principles and Criteria should be addressed to Erin Mackler at emackler@aicpa.org or Business Reporting Assurance and Advisory Services, AICPA 1211 Avenue of the Americas, New York NY 100036-8775

The Trust Services Principles and Criteria are the basis for both the WebTrust ^TM and SysTrust^SM Services (other than WebTrust for Certification Authorities) The version published reflects application in the United States market as reflected by the references to the AICPA’s attestation section AT 101, I (AICPA, Professional Standards, vol. 1). For international issuers of WebTrust and SysTrust reports, practitioners may also refer to international or domestic professional standards that are equivalent to AT 101.

To download the Trust Services Principles and Criteria, please click here. For a complete copy of the Trust Service Principles and Criteria including practitioner guidance go to AICPA TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids). 

CICA

The CICA has developed the Trust Services Principles and Criteria jointly with the AICPA. The Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy and related material are published by the CICA to assist practitioners should they wish to undertake these engagements. To download these principles and criteria, please click here. 

NEWS

November, 2012: In response to the CA/Browser Forum's release of its "Guidelines for Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, V.1.0", WebTrust has developed audit guidelines to assist practitioners in meeting the audit requirement for these certificates as established by the CA/B Forum. These guidelines should be used by auditors reporting using WebTrust Principles and Criteria in order to issue an opinion publicly-trusted Certificates.

Introduction 

WebTrust and SysTrust licensing

WEBTRUST PROGRAM FOR CERTIFICATION AUTHORITIES

Certification Authorities Audit (Examination) Criteria

• Principles and Criteria for Certification Authorities
• Principles and Criteria for Extended Validation Certificates
• SSL Baseline Requirements Audit Criteria V.1.0