Information, Articles, Tools, and Useful LinksCommittee Listings, Member Forums, and Find a CITPInformation on AICPA Tech. Conference, Seminars, Webcasts, and ConferencesIT Section Membership Information, CITP Credential Information, Members Only Tools and Communications, and MorePublications, CPE, Conferences, and Webcasts
 
Search
 

Search Options
Infotech Home > Resources > System Security & Reliability > System Reliability > Trust Services

Trust Services

Trust Services (including WebTrust® and SysTrust®) are defined as a set of professional assurance and advisory services based on a common framework (that is, a core set of principles and criteria) to address the risks and opportunities of IT. Trust Services principles and criteria are issued by the Assurance Services Executive Committee of the AICPA.

 

The Trust Services Criteria and Illustrations provide guidance when providing assurance services, advisory services, or both on information technology (IT)-enabled systems including electronic commerce (ecommerce) systems. It is particularly relevant when providing services with respect to security, availability, processing integrity, privacy, and confidentiality. In addition to its valuable guidance for CPAs providing IT advisory or assurance services, the Trust Services Principles are specifically applicable to two AICPA/CICA services—SysTrust and WebTrust.

 

Trust Services Principles and Criteria—An Overview
WebTrust® and SysTrust® are based on a common framework to address the risks and opportunities of IT. Learn More>>
Effects of a Third-Party Service Provider in a WebTrust SM/TM or Similar Engagement
This document provides additional guidance to practitioners in situations where specific services and/or activities of relevance in a WebTrust engagement for a WebTrust client are outsourced or otherwise performed by a TPSP. Learn More>>
Frequently Asked Questions on the Use of Generally Accepted Privacy Principles in WebTrust Engagements
These Frequently Asked Questions (FAQs) provide suggestions and clarifications on the application of GAPP in attestation engagements, with emphasis on those engagements in which the superseded Trust Services’ online privacy principle and criteria were used previously. This includes WebTrust Online Privacy and other Trust Services engagements. In addition, these FAQs address questions posed on GAPP and SAS No. 70. Learn More>>
WebTrust for Extended Validation Audit Criteria
This document has been prepared in cooperation with internet browsers and issuers of digital certificates by the WebTrust for Certification Authorities Working Group. It is in draft form recognizing that there has not yet been any Extended Validation Certificates issued or wide exposure of the guidelines. However, a significant requirement for the acceptance of Extended Validation Certificates by browsers is the completion of an examination by licensed WebTrust practitioners. Learn More>>
WebTrust for Certification Authorities
This document provides a framework for licensed WebTrust® practitioners to assess the adequacy and effectiveness of the controls employed by certification authorities (CAs). The importance of this function will continue to increase as the need for third-party authentication to provide assurance with respect to electronic commerce (e-commerce) business activities increases. Learn More>>