Trust Services (SysTrust/WebTrust)
How do you independently verify that your company’s IT system or website employs effective controls and safeguards to ensure reliable, secure operation?
For any organization that is seeking to provide compliance and/or operational assurance to any third party, Trust Services can provide that assurance, reporting that the organization has effective controls in place to ensure security, availability, processing integrity, confidentiality and privacy—the pillars of the AICPA’s Trust Services Principles.
SJU offers SysTrust and WebTrust Services that respectively address an organization’s overall IT system and its Internet-based systems. Each is a set of attestation services (developed by the American Institute of Certified Public Accountants and Canadian Institute of Chartered Accountants) that are based on principles and criteria that address risks and controls. In conducting either service, we apply detailed evaluation criteria to assess the design and operating effectiveness of control categories significant to service organizations in critical organizational areas:
(Note that Trust Services also provide foundational criteria for SOC2 and SOC3 reporting for service organizations.)
Following the appropriate Trust Services Principles and Criteria, we evaluate your IT system controls that relate to one or more of the Principles’ five areas:
- Security—regarding protections against unauthorized access
- Availability—regarding operational reliability
- Processing integrity—regarding completeness, accuracy and timeliness
- Confidentiality—regarding delivery of information to those it is intended for
- Privacy—regarding the safeguarding of personal information based on GAPP
Trust Services provide assurances that your organization: has defined and documented policies relating to a principle; communicated its policies to the right people; instituted procedures to achieve policy objectives; and monitors its system to comply with policies.
SysTrust or WebTrust certification offers clear benefits and enables your organization to:
- Provide your constituents—consumers, business partners, creditors, bankers, regulators and others—with well-defined assurances
- Have a blueprint for maintaining or improving your IT system’s or website’s security
- Add a competitive advantage
The deliverables to company management are SysTrust or WebTrust assurance reports that are unrestricted and the relative seal for market recognition. Earning a WebTrust certification for an ecommerce website, for example, assures online customers of the security and privacy of their transactions. Similarly, a SysTrust certification could assure a potential client that any confidential information stored within your organization is secure.
SJU can help you determine how SysTrust and WebTrust services can improve your operations and provide third parties with the assurance they need.