The five Trust Services Criteria (TSC) are Security, Availability, Processing Integrity, Confidentiality, and Privacy. ‘Security’ is the only mandatory category and focuses on protecting against unauthorized access. ‘Availability’ ensures systems are operational and usable as agreed. ‘Processing Integrity’ confirms that system processing is complete, valid, accurate, and timely. ‘Confidentiality’ deals with protecting data restricted to a specific set of persons or organizations. Finally, ‘Privacy’ addresses the collection, use, retention, disclosure, and disposal of personal information in conformity with the organizationâs privacy notice. Companies can choose which of the four optional criteria to include in their audit based on their specific business model and customer requirements.
