Navigating the new Trust
Services Criteria
Michael Hoffner , CPA
Joshua Bantz, CPA
Introduction
Mike Hoffner, CPA
• Partner and Service Organization Controls (SOC) Leader
• Serves Manufacturing/Distribution, Construction and
Engineering Clients
• Serves Service Organizations – SOC 1, SOC 2, and SOC 3
pre-assessment services and examinations
• Performs external Peer Reviews
Introduction
Josh Bantz, CPA
• Senior Manager and Service Organization Controls (SOC)
Key Member
• Serves Real Estate and Nonprofit Clients
• Serves Service Organizations – SOC 1, SOC 2, and SOC 3
pre-assessment services and examinations
Introduction
Samuel BowerCraft, MSIS, CISA
• Senior Manager in the Internal Audit and Management
Consulting Group
• Security consulting related to financial data, information
systems, and assets
• Experience with strategic oversight and planning;
management; operations and installation of technical
infrastructure; software; and systems
• M.S., Information Systems
• Certified Information Systems Auditor (CISA)
Webinar Objectives
• Overview of SOC 2 and SOC 3 and Trust Services Criteria
• Introduction to the new 2017 Trust Services Criteria
• Mapping the 2016 Criteria to the 2017 Criteria
• Successful techniques to transition SOC 2 and SOC 3 Controls to the
2017 Trust Services Criteria
• Navigating challenges in implementing the 2017 Trust Services
Criteria
SOC 2 and SOC 3 and
Trust Services Criteria
Overview
Service Organization Controls (SOC) 2
Examinations
• SOC 2 Examinations are:
• A way of communicating information about controls at a service organization to the
users of that service organization
• Focused on non-financial reporting controls
• SOC 2 service organization controls must meet the specified Trust Services
Principles defined by the AICPA
• Security, Availability, Processing Integrity, Confidentiality and Privacy
• SOC 2 reports are restricted to knowledgeable parties, including users of the
service organization and their auditors, and prospective users.
Service Organization Controls (SOC) 3
Examination
• SOC 3 was established as a general use report alternative to the SOC 2 Report
• SOC 3 examinations are examinations on controls relevant to the applicable Trust
Services Criteria
• The report includes only the auditor’s opinion and limited description of controls
(narrative)
• SOC 3 is a general use report (no limitations on distribution)
• SOC 3 examination covers both design and operating effectiveness of controls
relevant to applicable Trust Services Criteria
2017 Trust Services
Criteria
Background on the Update to the
Trust Services Criteria
• Significant re-write from the 2016 Trust Services Principles and Criteria
• Aligns with the 2013 COSO Internal Control Framework
• Better addresses cybersecurity risks
• Greater flexibility
• Adds Points of Focus to all criteria
• Additional detail on the criteria to aid implementation
• Depending on the environment, not all points of focus need to be met
• The Points of Focus are not required to be included in the report and an
assessment of whether each point has been addressed is not required
Timeline for transitioning to 2017 TSP
• December 15, 2018 - all reports issued after this date must use the
2017 Trust Services Criteria
• Currently either set of criteria can be used for SOC 2 and SOC 3
reporting
• The SOC 2 or SOC 3 report must specify which criteria were used
(i.e. 2016 or 2017)
2017 Trust Services Criteria
• Organized into 5 main categories, similar to COSO
• Control Environment (Common Criteria 1 series)
• Communication and Information (Common Criteria 2 series)
• Risk Assessment (Common Criteria 3 series)
• Monitoring Activities (Common Criteria 4 series)
• Control Activities (Common Criteria 5 series)
• 17 COSO principles included in the 5 categories
2017 Trust Services Criteria
• Additional categories to cover IT and cybersecurity
• Logical and physical access (CC6 series)
• System operations (CC7 series)
• Change Management (CC8 series)
• Risk Mitigation (CC9 series)
• Renames Trust Services Principles and Criteria (TSP) to Trust Services
Criteria (TSC)
• Avoids confusion with 17 COSO principles
Transitioning to the 2017 Trust
Services Criteria
Mapping Controls from the 2016 Trust Services
Principles to the 2017 Trust Services Criteria
Mapping from 2016 TSP to 2017 TSC
• Step 1 – Map Identified Controls to New Criteria / Gap Assessment
• AICPA released a spreadsheet mapping the 2016 Principles to the 2017
Criteria
• Includes Common Criteria and Additional Criteria for Availability, Confidentiality,
Processing Integrity and Privacy
• The document provides comprehensive mapping from the 2016 Trust Services Principles
to the 2017 Trust Services Criteria
• The spreadsheet gives service organizations a valuable tool to map their controls
under the 2016 Trust Services Principles to the 2017 Trust Services Criteria, and using it should be
the first step in the transition process
Successful techniques for
transitioning to 2017 TSC
Techniques to transition to 2017 TSC
• Service Organizations should start the process by completing the
mapping prior to the start of the reporting period
• Complete mapping of current controls to 2017 TSC using AICPA Tool
• Complete gap assessment –
• Evaluate the language within the new criteria and determine whether the
organization's current controls successfully meet the TSC objectives.
• Evaluate the current controls against the Points of Focus for each of the new
Trust Services Criteria
• Reminder: no requirement to meet or address every Point of Focus
• The Points of Focus are a tool for evaluating current controls against the TSC.
Techniques to transition to 2017 TSC
• Allow sufficient time to plan for any required changes and to design
and implement new controls
• Pay attention to the reporting period; ensure new controls are implemented
in a timely manner and are properly documented
• Reach out to SOC auditor with any questions or concerns
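A small gap-assessment helper for the transition steps above, added here as an example and not the presenters' or the AICPA's tool: it maps each control from its 2016 criteria to the 2017 criteria, lists 2017 criteria with no mapped control, and flags controls implemented after the reporting period starts or lacking documentation. The mapping table and control inventory are constructed; only the CC1.1 from CC1.4 row comes from the slides, and ids ending in ".x" or ".y" are placeholders for criteria in the series the slides name, not real AICPA criterion numbers.

```python
"""Gap-assessment helper for moving SOC 2 controls from the 2016 TSP to the 2017 TSC.

Added example, not the presenters' or the AICPA's tool.  The mapping table is a
constructed stand-in for the AICPA mapping spreadsheet: the CC1.1 <- CC1.4 row is the
one shown on the slides; ids ending in ".x" (2017) or ".y" (2016) are placeholders for
criteria in the series the slides name, not real AICPA criterion numbers.
"""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List


@dataclass
class Control:
    control_id: str
    description: str
    criteria_2016: List[str]  # 2016 TSP criteria the control currently supports
    implemented: date         # date the control was in place and operating
    documented: bool = True   # written policy/procedure exists for the control


# Constructed stand-in for the AICPA mapping spreadsheet: 2016 criterion -> 2017 criteria.
MAPPING_2016_TO_2017: Dict[str, List[str]] = {
    "CC1.4": ["CC1.1"],  # from the slides: workforce conduct/screening -> integrity and ethics
    "CC5.y": ["CC6.x"],  # placeholder: 2016 access control -> 2017 logical/physical access series
    "CC7.y": ["CC8.x"],  # placeholder: 2016 change control -> 2017 change management series
}

# Constructed subset of the 2017 criteria the report must cover (CC6-CC9 series per the slides).
CRITERIA_2017 = ["CC1.1", "CC6.x", "CC7.x", "CC8.x", "CC9.x"]

# Constructed control inventory for a reporting period starting 2018-01-01.
PERIOD_START = date(2018, 1, 1)
CONTROLS = [
    Control("CTRL-01", "Code of conduct acknowledged annually; background screening at hire",
            ["CC1.4"], date(2017, 6, 1)),
    Control("CTRL-02", "MFA required for administrative remote access",
            ["CC5.y"], date(2018, 3, 15)),          # implemented after the period starts
    Control("CTRL-03", "Change tickets approved before production deployment",
            ["CC7.y"], date(2017, 1, 10), documented=False),
    Control("CTRL-04", "Quarterly vendor risk review",
            ["CC9.y"], date(2017, 9, 1)),           # cites a 2016 id the table lacks
]


def map_to_2017(controls, mapping):
    """Step 1: follow each control's 2016 criteria through the table to 2017 criteria."""
    coverage = {}
    for c in controls:
        for old in c.criteria_2016:
            for new in mapping.get(old, []):
                coverage.setdefault(new, []).append(c.control_id)
    return coverage


def unmapped_controls(controls, mapping):
    """Controls citing a 2016 criterion the table does not know; review these by hand."""
    return [c.control_id for c in controls
            if any(old not in mapping for old in c.criteria_2016)]


def gap_assessment(coverage, criteria_2017):
    """Step 2: 2017 criteria with no mapped control are candidates for new controls."""
    return [cid for cid in criteria_2017 if not coverage.get(cid)]


def late_for_period(controls, period_start):
    """Controls implemented after the period starts cannot be tested for the whole period."""
    return [c.control_id for c in controls if c.implemented > period_start]


def undocumented(controls):
    """Controls without written procedures lack the evidence needed to test effectiveness."""
    return [c.control_id for c in controls if not c.documented]


def transition_report(controls, mapping, criteria_2017, period_start):
    """Run the mapping, gap assessment and readiness checks and return one summary."""
    coverage = map_to_2017(controls, mapping)
    return {
        "coverage": coverage,
        "gaps": gap_assessment(coverage, criteria_2017),
        "unmapped_controls": unmapped_controls(controls, mapping),
        "late_controls": late_for_period(controls, period_start),
        "undocumented": undocumented(controls),
    }


if __name__ == "__main__":
    report = transition_report(CONTROLS, MAPPING_2016_TO_2017, CRITERIA_2017, PERIOD_START)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Each flagged item is a question for the gap assessment rather than a finding: an unmapped control may simply need a row added to the table, while a late control means the reporting period or the control's implementation date has to move.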
Sample Mapping
• New 2017 TSC Criteria 1.1: The entity demonstrates a commitment to
integrity and ethical values.
- Maps to -
• Previous 2016 TSC CC1.4 - The entity has established workforce
conduct standards, implemented workforce candidate background
screening procedures, and conducts enforcement procedures to
enable it to meet its commitments and system requirements as they
relate to security.
Sample Mapping
• Points of Focus related to Criteria 1.1
• Sets the Tone at the Top—The board of directors and management, at all
levels, demonstrate through their directives, actions, and behavior the
importance of integrity and ethical values to support the functioning of the
system of internal control.
• Establishes Standards of Conduct—The expectations of the board of directors
and senior management concerning integrity and ethical values are defined in
the entity’s standards of conduct and understood at all levels of the entity
and by outsourced service providers and business partners.
Sample Mapping
• Points of Focus related to Criteria 1.1 cont’d
• Evaluates Adherence to Standards of Conduct—Processes are in place to
evaluate the performance of individuals and teams against the entity’s
expected standards of conduct.
• Addresses Deviations in a Timely Manner—Deviations from the entity’s
expected standards of conduct are identified and remedied in a timely and
consistent manner.
• Considers Contractors and Vendor Employees in Demonstrating Its
Commitment—Management and the board of directors consider the use of
contractors and vendor employees in its processes for establishing standards
of conduct, evaluating adherence to those standards, and addressing
deviations in a timely manner.
Challenges in implementing the
2017 Trust Services Criteria
Challenges Implementing the 2017 TSC
• 17 COSO principles don’t directly map to the 2016 Trust Services
Principles and Criteria
• Service organizations will need to assess whether their controls meet
all of the 17 internal control principles
• Service organizations may need to restructure their internal controls
to comply with the 2017 Trust Services Criteria – this requires TIME
• Any new/updated controls need to be in place for entire reporting
period
Challenges Implementing the 2017 TSC (cont’d)
• Service organizations might be required to implement new processes
and activities to meet the 2017 TSC
• Policies and Procedures may need to be written/updated and
implemented prior to the start of the reporting period.
• Documentation of new processes and controls will need to be
established to provide sufficient evidence to test the operating
effectiveness of the controls.
Questions?
Mike Hoffner
Partner
mhoffner@macpas.com
Josh Bantz
Senior Manager
jbantz@macpas.com
Samuel BowerCraft
Senior Manager
sbowercraft@macpas.com
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒anilsa9823
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfPaul Menig
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdfRenandantas16
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 

Kürzlich hochgeladen (20)

7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...Ensure the security of your HCL environment by applying the Zero Trust princi...
Ensure the security of your HCL environment by applying the Zero Trust princi...
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
John Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdfJohn Halpern sued for sexual assault.pdf
John Halpern sued for sexual assault.pdf
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
Call Girls Navi Mumbai Just Call 9907093804 Top Class Call Girl Service Avail...
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒VIP Call Girls In Saharaganj ( Lucknow  ) 🔝 8923113531 🔝  Cash Payment (COD) 👒
VIP Call Girls In Saharaganj ( Lucknow ) 🔝 8923113531 🔝 Cash Payment (COD) 👒
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pillsMifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
Mifty kit IN Salmiya (+918133066128) Abortion pills IN Salmiyah Cytotec pills
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
Grateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdfGrateful 7 speech thanking everyone that has helped.pdf
Grateful 7 speech thanking everyone that has helped.pdf
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf0183760ssssssssssssssssssssssssssss00101011 (27).pdf
0183760ssssssssssssssssssssssssssss00101011 (27).pdf
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 

Navigating the new Trust Services Criteria

1. Navigating the new Trust Services Criteria
Michael Hoffner, CPA
Joshua Bantz, CPA

5. Introduction: Mike Hoffner, CPA
• Partner and Service Organization Controls (SOC) Leader
• Serves Manufacturing/Distribution, Construction and Engineering Clients
• Serves Service Organizations – SOC 1, SOC 2, and SOC 3 pre-assessment services and examinations
• Performs external Peer Reviews

6. Introduction: Josh Bantz, CPA
• Senior Manager and Service Organization Controls (SOC) Key Member
• Serves Real Estate and Nonprofit Clients
• Serves Service Organizations – SOC 1, SOC 2, and SOC 3 pre-assessment services and examinations

7. Introduction: Samuel BowerCraft, MSIS, CISA
• Senior Manager in the Internal Audit and Management Consulting Group
• Security consulting related to financial data, information systems, and assets
• Experience with strategic oversight and planning; management; operations and installation of technical infrastructure; software; and systems
• M.S., Information Systems
• Certified Information Systems Auditor (CISA)

8. Webinar Objectives
• Overview of SOC 2 and SOC 3 and Trust Services Criteria
• Introduction to the new 2017 Trust Services Criteria
• Mapping the 2016 Criteria to the 2017 Criteria
• Successful techniques to transition SOC 2 and SOC 3 Controls to the 2017 Trust Services Criteria
• Navigating challenges in implementing the 2017 Trust Services Criteria

9. SOC 2 and SOC 3 and Trust Services Criteria Overview

10. Service Organization Controls (SOC) 2 Examinations
• SOC 2 Examinations are:
  • A way of communicating information about controls at a service organization to the users of that service organization
  • Focused on non-financial reporting controls
• SOC 2 service organization controls must meet the specified Trust Services Principles defined by the AICPA
  • Security, Availability, Processing Integrity, Confidentiality and Privacy
• SOC 2 reports are restricted to knowledgeable parties, including users of the service organization and their auditors, and prospective users.

11. Service Organization Controls (SOC) 3 Examination
• SOC 3 was established as a general use report alternative to the SOC 2 Report
• SOC 3 examinations are examinations on controls relevant to the applicable Trust Services Criteria
• The report includes only the auditor's opinion and a limited description of controls (narrative)
• SOC 3 is a general use report (no limitations on distribution)
• A SOC 3 examination covers both design and operating effectiveness of controls relevant to the applicable Trust Services Criteria

13. Background on the Update to the Trust Services Criteria
• Significant re-write from the 2016 Trust Services Principles and Criteria
• Aligns with the 2013 COSO Internal Control Framework
• Better addresses cybersecurity risks
• Greater flexibility
• Adds Points of Focus to all criteria
  • Additional detail on the criteria to aid implementation
  • Depending on the environment, not all points of focus need to be met
  • The Points of Focus are not required to be included in the report, and an assessment of whether each point has been addressed is not required

14. Timeline for transitioning to 2017 TSP
• December 15, 2018 – all reports issued after this date must use the 2017 Trust Services Criteria
• Currently either set of criteria can be used for SOC 2 and SOC 3 reporting
• The SOC 2 or SOC 3 report must specify which criteria were used (i.e. 2016 or 2017)

15. 2017 Trust Services Criteria
• Organized into 5 main categories similar to COSO
  • Control Environment (Common Criteria 1 series)
  • Communication and Information (Common Criteria 2 series)
  • Risk Assessment (Common Criteria 3 series)
  • Monitoring Activities (Common Criteria 4 series)
  • Control Activities (Common Criteria 5 series)
• 17 COSO principles included in the 5 categories

16. 2017 Trust Services Criteria
• Additional categories to cover IT and cybersecurity
  • Logical and physical access (CC6 series)
  • System operations (CC7 series)
  • Change Management (CC8 series)
  • Risk Mitigation (CC9 series)
• Renames Trust Services Principles and Criteria (TSP) to Trust Services Criteria (TSC)
  • Avoids confusion with the 17 COSO principles

17. Transitioning to the 2017 Trust Services Criteria
Mapping Controls from the 2016 Trust Services Principles to the 2017 Trust Services Criteria

18. Mapping from 2016 TSP to 2017 TSC
• Step 1 – Map Identified Controls to New Criteria / Gap Assessment
• AICPA released a spreadsheet mapping the 2016 Principles to the 2017 Criteria
  • Includes Common Criteria and Additional Criteria for Availability, Confidentiality, Processing Integrity and Privacy
  • The document provides a comprehensive mapping from the 2016 Trust Services Principles to the 2017 Trust Services Criteria
• The spreadsheet provides service organizations with a valuable tool to map their controls under the 2016 Trust Services Principles to the 2017 Trust Services Criteria and should be the first step in the transition process

21. Techniques to transition to 2017 TSC
• Service Organizations should start the process by completing the mapping prior to the start of the reporting period
• Complete mapping of current controls to the 2017 TSC using the AICPA tool
• Complete the gap assessment:
  • Evaluate the language within the new criteria and determine whether the organization's current controls successfully meet the TSC objectives.
  • Evaluate the current controls against the Points of Focus for each of the new Trust Services Criteria
  • Reminder: there is no requirement to meet or address every Point of Focus
  • The Points of Focus are a tool for evaluating current controls against the TSC.

22. Techniques to transition to 2017 TSC
• Allow sufficient time to plan for any required changes and to design and implement new controls
• Pay attention to the reporting period; ensure new controls are implemented timely and are properly documented
• Reach out to your SOC auditor with any questions or concerns

23. Sample Mapping
• New 2017 TSC Criteria 1.1: The entity demonstrates a commitment to integrity and ethical values.
  – Maps to –
• Previous 2016 TSC CC1.4: The entity has established workforce conduct standards, implemented workforce candidate background screening procedures, and conducts enforcement procedures to enable it to meet its commitments and system requirements as they relate to security.

24. Sample Mapping: Points of Focus related to Criteria 1.1
• Sets the Tone at the Top—The board of directors and management, at all levels, demonstrate through their directives, actions, and behavior the importance of integrity and ethical values to support the functioning of the system of internal control.
• Establishes Standards of Conduct—The expectations of the board of directors and senior management concerning integrity and ethical values are defined in the entity's standards of conduct and understood at all levels of the entity and by outsourced service providers and business partners.

25. Sample Mapping: Points of Focus related to Criteria 1.1 (cont'd)
• Evaluates Adherence to Standards of Conduct—Processes are in place to evaluate the performance of individuals and teams against the entity's expected standards of conduct.
• Addresses Deviations in a Timely Manner—Deviations from the entity's expected standards of conduct are identified and remedied in a timely and consistent manner.
• Considers Contractors and Vendor Employees in Demonstrating Its Commitment—Management and the board of directors consider the use of contractors and vendor employees in its processes for establishing standards of conduct, evaluating adherence to those standards, and addressing deviations in a timely manner.

26. Challenges in implementing the 2017 Trust Services Criteria

27. Challenges Implementing the 2017 TSC
• The 17 COSO principles don't directly map to the 2016 Trust Services Principles and Criteria
• Service organizations will need to assess whether their controls meet all of the 17 internal control principles
• Service organizations may need to restructure their internal controls to comply with the 2017 Trust Services Criteria – this requires TIME
• Any new/updated controls need to be in place for the entire reporting period

28. Challenges Implementing the 2017 TSC (cont'd)
• Service organizations might be required to implement new processes and activities to meet the 2017 TSC
• Policies and Procedures may need to be written/updated and implemented prior to the start of the reporting period.
• Documentation of new processes and controls will need to be established to provide sufficient evidence to test the operating effectiveness of the controls.

29. Questions?
Mike Hoffner, Partner – mhoffner@macpas.com
Josh Bantz, Senior Manager – jbantz@macpas.com
Samuel BowerCraft, Senior Manager – sbowercraft@macpas.com