The ‘5 principles’ are the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. Security protects against unauthorized access. Availability ensures the system is available for operation as committed. Processing Integrity ensures system processing is complete, valid, and accurate. Confidentiality ensures information designated as confidential is protected. Privacy ensures personal information is collected and handled according to privacy principles. While ‘Security’ is the core requirement that every SOC 2 report must include, companies can choose to add any of the other four principles depending on what their customers care about most. For example, a data-sharing platform might prioritize Privacy, while a hosting provider might focus on Availability.
