SOC 2 Trust Services
AICPA TSC SOC 2 Security + 4 critères optionnels.
Définition
SOC 2 TSC structure : Common Criteria CC1 Control Environment, CC2 Communication, CC3 Risk Assessment, CC4 Monitoring, CC5 Control Activities, CC6 Logical/Physical Access, CC7 System Operations, CC8 Change Management, CC9 Risk Mitigation. Critères additionnels : Availability A, Processing Integrity PI, Confidentiality C, Privacy P. Audit par CPA firms (Deloitte, EY, PwC, KPMG, Grant Thornton, A-LIGN, Schellman).
Origine
AICPA, premier framework 2010, révision TSC 2017, mise à jour 2022.
Usage
Quasi-obligatoire pour tout SaaS B2B vendant à enterprise US. Concurrent ISO 27001 (international, mais plus formal).