AICPA announces changes to Trust Services Criteria and SOC 2 Reporting

Start adding items to your reading lists:
Save this item to:
This item has been saved to your reading list.


With the fluid regulatory landscape and increasing demand for transparency into controls and processes, the American Institute of Certified Public Accountants (AICPA) is continually revising and refining the reporting criteria used in System and Organization Controls (SOC) reports. 

In April 2017, the AICPA updated the Trust Services Criteria, impacting the controls required to be included with a SOC 2 report. The new criteria, while available for use now, will be required for reports with period ends after December 15th 2018.

How will the changes to the Trust Services Criteria impact your SOC 2 reporting requirements?

The updates to the Trust Services Criteria represent the most significant change to the criteria since the development of SOC 2 reporting. This publication dives deeper into how the following areas of change will impact SOC 2 reports going forward: 

  • Restructures and aligns the Trust Services Criteria with the COSO 2013 framework.
  • Renames the Trust Services Principles and Criteria.
  • Restructures and adds supplemental criteria to better address cybersecurity risks.
  • Adds points of focus to all criteria.
  • Additional description criteria requirements.


Contact us

Todd Bialick
Trust and Transparency Solutions Leader, PwC US
Tel: +1 (973) 236 4902

Kevin Knight
Partner, Trust and Transparency Solutions, PwC US
Tel: +1 (703) 918 3505

Rebecca Thomas
Managing Director, Trust and Transparency Solutions
Tel: +1 (314) 206-8732

Steve Dobson
Director, Trust and Transparency Solutions, PwC US
Tel: +1 (704) 347 1627

Follow us