You have arrived here from the site of a company that provides services that have been covered by a SOC3 SM examination. The applicable SOC3 Seal of assurance symbolizes that these services have been examined by an independent accountant. Further, the Seal represents the practitioner’s report (see below) on management's assertion(s) that the entity's business being relied upon is in conformity with the applicable Trust Services Principle(s) and Criteria.
Trust Services Principles and Criteria is an international set of principles and
criteria for systems and electronic commerce developed and managed jointly by
the American Institute of Certified Public Accountants and the Canadian Institute
of Chartered Accountants. By demonstrating compliance with Trust Services criteria
through an examination by an independent practitioner, entities earn the right
to display the seal of assurance.
Seal of assurance combines high standards for identified activities with the requirement
for an independent verification/audit. Together they build trust and confidence
among consumers and businesses conducting business over the Internet.
The entity has
earned the right to display the Seal of assurance with respect to
the Trust Service Principle(s) of:
Principle addresses accessibility to the defined system, products, or services
as advertised or committed by contract, service-level, or other agreements. This
Principle does not, in itself, set an acceptable minimum availability percentage
performance level for Web sites or service provider access. The minimum availability
percentage is established by mutual agreement (contract) between the customer
and the service provider. The criteria include requirements that:
- availability policies exist,
entity communicates the defined system availability policies to authorized users,
- the entity
uses procedures to achieve its documented system availability objectives in accordance
with its defined policies, and
exist to monitor compliance with its defined system availability policies.
Processing Integrity Principle requires an entity to meet high standards for the
completeness, accuracy, timeliness, and authorization of system processing including
the processing of electronic commerce transactions. Processing integrity exists
if a system performs its intended function in an unimpaired manner, free from
unauthorized or inadvertent manipulation. The criteria includes requirements
transactions and services are processed or performed without exception, and that
transactions and services are not processed more than once,
information about the transaction will remain accurate throughout the processing
of the transaction,
timeliness of the provision of services or the delivery of goods is addressed
in the context of commitments made for such delivery,
- the entity uses procedures
to achieve its documented system processing integrity objectives in accordance
with its defined policies, and
includes assurances that processing is performed in accordance with the required
approvals and privileges defined by policies governing system processing.
Principle requires an entity to meet high standards for the protection of the
system components from unauthorized access, both logical and physical. The criteria
includes requirements that the entity
effective security policies,
its key security practices,
uses procedures to achieve its documented system
security objectives in accordance with its defined policies, and
controls to ensure that these policies are followed.