.13 The following are the trust services principles:²
a. Security. The system is protected against unauthorized access, use, or modification.
The security principle refers to the protection of the system resources through logical and physical access control measures in order to support the achievement of management's commitments
² SysTrust℠, SysTrust for Service Organizations℠, and WebTrust℠ are specific branded assurance services offerings developed by the AICPA and Canadian Institute of Chartered Accountants (CICA) that are based on the trust services principles and criteria. Practitioners must be licensed by CICA to use these registered service marks. Service marks can only be issued for engagements that result in an unqualified examination opinion. For more information on licensure, see www.webtrust.org.
prevent or detect the breakdown and circumvention of segregation of duties, system failure, incorrect processing, theft or other unauthorized removal of data or system resources, misuse of software, and improper access to, or use of, alteration, destruction, or disclosure of information.
b. Availability. The system is available for operation and use as committed or agreed.
The availability principle refers to the accessibility of the system, products, or services as committed by contract, service-level agreement, or other agreements. This principle does not, in itself, set a minimum acceptable performance level for system availability.
The availability principle does not address system functionality (the specific functions a system performs) and system usability (the ability of users to apply system functions to the performance of specific tasks or problems), but does address whether the system includes controls to support system accessibility for operation, monitoring, and maintenance.
c. Processing integrity. System processing is complete, valid, accurate, timely, and authorized.
The processing integrity principle refers to the completeness, validity, accuracy, timeliness, and authorization of system processing.
Processing integrity addresses whether the system achieves its aim or the purpose for which it exists, and whether it performs its intended function in an unimpaired manner, free from unauthorized or inadvertent manipulation. Processing integrity does not automatically imply that the information received and stored by the system is complete, valid, accurate, current, and authorized. The risk that data contains errors introduced prior to its input in the system often cannot be addressed by system controls and detecting such errors is not usually the responsibility of the entity. Similarly, users outside the boundary of the system may be responsible for initiating processing. In these instances, the data may become invalid, inaccurate, or otherwise inappropriate even though the system is processing with integrity.
d. Confidentiality. Information designated as confidential is protected as committed or agreed.
The confidentiality principle addresses the system's ability to protect information designated as confidential in accordance with the organization's commitments and requirements through its final disposition and removal from the system. Information is confidential if the custodian of the information, either by law or regulation, the custodian's own assertion, commitment, or other agreement, is obligated to limit its access, use, and retention, and restrict its disclosure to a specified set of persons or organizations (including those that may otherwise have authorized access within the boundaries of the system). The need for information to be confidential may arise for many different reasons. For example, the information is proprietary information, information intended only for company personnel, personal information, or merely embarrassing
ity refers to a broader range of information that is not restricted to personal information; and (ii) privacy addresses requirements for the treatment, processing, and handling of personal information.
e. Privacy.
The privacy principle addresses the system's collection, use, retention, disclosure, and disposal of personal information³ in conformity with the commitments in the entity's privacy notice and with criteria set forth in generally accepted privacy principles (GAPP) issued by the AICPA and Canadian Institute of Chartered Accountants (see appendix C, "Generally Accepted Privacy Principles"). GAPP is a management framework that includes the measurement criteria for the trust services privacy principle. GAPP consists of 10 sub-principles:
i. Management. The entity defines, documents, communicates, and assigns accountability for its privacy policies and procedures.
ii. Notice. The entity provides notice about its privacy policies and procedures and identifies the purposes for which personal information is collected, used, retained, and disclosed.
iii. Choice and consent. The entity describes the choices available to the individual and obtains implicit or explicit consent with respect to the collection, use, and disclosure of personal information.
iv. Collection. The entity collects personal information only for the purposes identified in the notice.
v. Use and retention. The entity limits the use of personal information to the purposes identified in the notice and for which the individual has provided implicit or explicit consent. The entity retains personal information for only as long as necessary to fulfill the stated purposes or as required by law or regulations and thereafter appropriately disposes of such information.
vi. Access. The entity provides individuals with access to their personal information for review and update.
vii. Disclosure to third parties. The entity discloses personal information to third parties only for the purposes identified in the notice and with the implicit or explicit consent of the individual.
viii. Security for privacy. The entity protects personal information against unauthorized access (both physical and logical).
ix. Quality. The entity maintains accurate, complete, and relevant personal information for the purposes identified in the notice.
³ Personal information is information that is about or can be related to an identifiable individual. It may include information about customers, employees, and other individuals.
procedures to address privacy-related complaints and disputes.