SOC 2

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

Trust Services Criteria (TSC)

The five AICPA-defined categories that form the basis of SOC 2 audits: Security (required), Availability, Processing Integrity, Confidentiality, and Privacy. Security is the only mandatory criterion. Organizations select additional criteria based on their service commitments.

From the library

The full analysis on Trust Services Criteria (TSC).

The article is where the term meets the practitioner. Read how this concept actually shows up in audit, in remediation, and in the boardroom.

Read the analysis →
The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.