PwC comments on ASEC’s proposed revision of its trust services criteria

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.

Comment letter , PwC US Dec 06, 2016

PwC supports efforts to align ASEC’s trust services criteria with COSO and address cybersecurity risks.


PwC submitted a comment letter on the ASEC’s Proposed Revision of Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy ("proposed trust services criteria"). We support ASEC’s effort to reorganize and revise the extant trust services criteria to more closely align with the 17 principles in Internal Control—Integrated Framework (COSO 2013 framework). We note ASEC’s view that, as revised, the trust services criteria provide a great deal of flexibility in application (e.g., they may be used to evaluate a variety of different subject matters).

We also note the efforts to restructure and add supplemental criteria to better address cybersecurity risks in engagements using the trust services criteria. We believe, if not clearly delineated, that confusion may arise as to how a cybersecurity engagement differs from a SOC 2® engagement when the trust services criteria can be applied to both types of engagements. We believe further articulation of the key differences is necessary for practitioners and those who engage practitioners to perform these types of engagements.

Contact us

Heather Horn

Heather Horn

US Strategic Thought Leader, National Professional Services Group, PwC US

David Schmid

David Schmid

International Accounting Leader, National Professional Services Group, PwC US

Follow us