Twitter

SysTrust Services

Overview

Trust Services (comprised of the SysTrust® and WebTrust® programs) are defined as a set of professional assurance and advisory services based on a common set of principles and criteria that address the risks and opportunities of information technology (IT). Trust Services principles and criteria are issued by the Assurance Services Executive Committee of the American Institute of Certified Public Accountants and the services can only be delivered by a licensed Certified Public Accounting firm.

Trust Services differentiate companies from their competitors by demonstrating their awareness of the risks posed by their environment and providing third party verification by a CPA firm that they are equipped with the controls necessary to address those risks. Beneficiaries of Trust Services assurance reports are consumers, business partners, creditors, bankers and other creditors, regulators, outsourcers and those using outsourced services, and any other stakeholders who in some way rely on electronic commerce (e-commerce) and IT systems.

All Trust Services engagements utilize a combination of the following principles and criteria:

Security
The system is protected against unauthorized access (both physical and logical).
Availability
The system is available for operation and use as committed or agreed.
Processing Integrity
System processing is complete, accurate, timely, and authorized.
Confidentiality
Information designated as confidential is protected as committed or agreed.
SysTrust® Review Services

SAS 70 Solutions utilizes one or more the Trust Services Principles and Criteria (shown above), as specified by the client, to determine whether an IT system operated by the client is in compliance with the selected principles and criteria. The primary objective of the review is to provide system users with increased confidence that they system is appropriately controlled through independent third party verification of compliance with a standardized set of common controls.

SysTrust®
The scope of the assurance engagement includes one or more combinations of the Trust Services Principles and Criteria other than the “SysTrust - Systems Reliability” program described below.
SysTrust® - Systems Reliability
The scope of the assurance engagement includes the Security, Availability, and Processing Integrity Trust Services Principles and Criteria.
Deliverables

The primary deliverables of our SysTrust® reviews include:

  • Detailed project plan for the audit
  • Comprehensive information request list allowing the organization’s personnel to gather documentation in advance of fieldwork
  • The independent auditor’s report delivered in two hardcopy formats
  • The independent auditor’s report delivered in secured PDF format

In addition, clients that are in compliance with the selected SysTrust® criteria receive temporary license to display the SysTrust® seal on their website. The SysTrust® seal links to a copy of the independent auditor’s report and is valid for one year, after which the seal must be removed from the website unless re-certification is performed. SysTrust® seal licensing is managed by a joint effort between the AICPA and CICA and a licensing fee must be paid in order to utilize this seal.

Who Should Consider a SysTrust® Review?

The following are characteristics of the ideal candidate for SysTrust® review services:

  • The organization maintains a system that is mission critical to its customers.
  • The organization’s reputation largely depends on its ability to keep information accurate, secure, private or confidential.
  • The organization desires independent third party verification of its controls.
  • The organization prefers an independent review resulting in a third party certification “seal” that can be openly marketed to customers, as well as a third party report that can be shared with customers.
  • The organization has annual revenues greater than $2 million and the organization has ten or more employees.

SysTrust® is a registered Mark (branded service) of the Canadian Institute of Chartered Accountants.

Back to Top