CICA and CMA Canada joined together January 1, 2013 to create CPA Canada as the national organization to support unification of the Canadian accounting profession under the CPA banner.

Trust Services

TRUST SERVICES PRINCIPLES AND CRITERIA, and ILLUSTRATIONS

NOTICE: Revised Trust Services Principles and Criteria Issued

The 2014 revision to the Trust Services Principles and Criteria has been issued. They are effective for periods ending on or after December 15, 2014, with early implementation permitted. They are available as part of the subscription service of the AICPA Technical Practice Aids or as a standalone e-book, Trust Services Principles, Criteria and Illustrations.

 

Exposure Draft – Invitation to Comment

WebTrust Audits - New and revised WebTrust for Certification Authorities Principles and Criteria

On April 3, 2014, the WebTrust™/℠ for Certification Authorities Task Force released several updated and new sets of WebTrust Principles and Criteria for Certification Authorities for the benefit of audit practitioners and certification authority organizations, including:

Trust Services Principles and Criteria for Certification Authorities – SSL Baseline with Network Security – Version 2.0 (Exposure Draft)  

This is the most recent version (Version 2.0) of the WebTrust Trust Services Principles and Criteria for Certification Authorities – SSL Baseline with Network Security. These Principles and Criteria are based on the CA/Browser Forum’s (“CA/B Forum” or the “Forum”) “Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, v.1.1.6” and “Network and Certificate Systems Security Requirements, v.1.0”. The essential change from Version 1.1 of Trust Services Principles and Criteria for Issuance and Management of Publicly-Trusted Certificates is the incorporation of criteria related to network security into the document. Version 2.0 is effective for periods beginning on or after 1 July 2014; however, earlier implementation to coincide with the effective date of the relevant version of the SSL Baseline Requirements and Network and Certificate System Security Requirements is permitted.

Comments should be submitted by May 15, 2014 and addressed to the attention of Bryan Walker.

Trust Services Principles and Criteria for Certification Authorities – Extended Validation SSL – Version 1.4.5
Version 1.4.5 of the WebTrust Principles and Criteria for Extended Validation SSL incorporates changes to criteria to reflect changes made by the CA/B Forum. In 2011, the Forum released its Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates (“Baseline Requirements”) Version 1.0 with an effective date of 1 July 2012. Since the issuance of Version 1.0, a number of updates have been made, with the latest edition being Version 1.1.6, which became effective 29 July 2013. The EV SSL Guidelines, and these EV SSL Criteria, at times make reference to the Baseline Requirements, and many guidelines that were previously detailed in the EV SSL Guidelines are now incorporated by reference to the Baseline Requirements. To facilitate the EV SSL Audit, however, these requirements continue to be detailed in these EV SSL Criteria. This set of Principles and Criteria is effective on release.

Comments should be submitted by May 15, 2014 and addressed to the attention of Bryan Walker.

Trust Services Principles and Criteria for Certification Authorities – Extended Validation Code Signing (Exposure Draft)
The purpose of the WebTrust Principles and Criteria for Certification Authorities – Extended Validation Code Signing (“EV Code Signing Criteria”) is to set criteria that would be used as a basis for an auditor to conduct an EV Code Signing audit. The CA/B Forum has created a set of guidelines that set out the expected requirements for issuing EV Code Signing Certificates. The document entitled “Guidelines for the Issuance and Management of Extended Validation Code Signing Certificates” (“EV Code Signing Guidelines”) can be found at https://www.cabforum.org.  

This document is being released as an Exposure Draft to provide an opportunity for audit practitioners, certification authorities and other interested parties to comment. The proposed effective date for the document is for engagements beginning on or after July 1, 2014. However, practitioners may adopt and use these Principles and Criteria on release.

Comments should be submitted by May 15, 2014 and addressed to the attention of Bryan Walker.


AICPA

The Assurance Services Executive Committee has approved the Trust Services Principles, Criteria and Illustrations, which supersedes the 2006 version of the suitable Trust Services Principles, Criteria and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy. These Principles and Criteria are effective for engagements beginning on or after September 15, 2009. Comments or questions regarding these Principles and Criteria should be addressed to Erin Mackler at emackler@aicpa.org or Business Reporting Assurance and Advisory Services, AICPA, 1211 Avenue of the Americas, New York, NY 10036-8775.

The Trust Services Principles and Criteria are the basis for both the WebTrust™ and SysTrust℠ Services (other than WebTrust for Certification Authorities). The version published reflects application in the United States market as reflected by the references to the AICPA’s attestation section AT 101, I (AICPA, Professional Standards, vol. 1). For international issuers of WebTrust and SysTrust reports, practitioners may also refer to international or domestic professional standards that are equivalent to AT 101.

To download the Trust Services Principles and Criteria, please click here. For a complete copy of the Trust Services Principles and Criteria, including practitioner guidance, go to AICPA TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids).


CICA

The CICA has developed the Trust Services Principles and Criteria jointly with the AICPA. The Trust Services Principles and Criteria for Security, Availability, Processing Integrity, Confidentiality and Privacy and related material are published by the CICA to assist practitioners should they wish to undertake these engagements. To download these principles and criteria, please click here.

 

NEWS

November, 2012: In response to the CA/Browser Forum's release of its "Guidelines for Baseline Requirements for the Issuance and Management of Publicly-Trusted Certificates, V.1.0", WebTrust has developed audit guidelines to assist practitioners in meeting the audit requirement for these certificates as established by the CA/B Forum. These guidelines should be used by auditors reporting using WebTrust Principles and Criteria in order to issue an opinion on publicly-trusted Certificates.

 

Introduction 

WebTrust and SysTrust licensing

WEBTRUST PROGRAM FOR CERTIFICATION AUTHORITIES


Certification Authorities Audit (Examination) Criteria