🇺🇸 Live Medical Devices & Diagnostics

AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (2017, Revised 2022)

AICPA criteria for evaluating controls over security, availability, processing integrity, confidentiality, and privacy of information systems. Applies to service organisations undergoing SOC 2 examinations.

13

Rules extracted

58

Obligations decomposed

4.5x

Avg obligations per rule

🇺🇸 United States

Jurisdiction

What AuditDSS covers

Source

1

Regulation

Extracted

13

Rules

Decomposed

58

Obligations

4.5x

Decomposition ratio

Each rule is decomposed into an average of 4.5 atomic obligations — the smallest testable units that can be independently violated.

Fully extracted & scored

All 58 obligations have been decomposed, titled, risk-scored, and embedded for semantic matching.

Risk scoring

Every obligation in AICPA TSC (SOC 2) is scored across independent risk dimensions:

W

Obligation Weight

How critical within the regulatory framework

L

Violation Likelihood

How often breached in practice

E

Enforcement Evidence

Regulator enforcement history and penalties

C

Cascade Dependency

How many obligations depend on this one

Regulatory details

Full title
AICPA Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (2017, Revised 2022)
Regulatory body
American Institute of Certified Public Accountants
Jurisdiction
🇺🇸 United States
Document type
standard
Effective date
January 1, 2022
Industry
Medical Devices & Diagnostics

Who this applies to

service organizationsSaaS providerscloud service providersdata centersmanaged service providerstechnology companiesfinancial services firmshealthcare organizations

Key requirements

  • 33 Common Criteria (CC1-CC9) based on COSO framework
  • 3 Availability criteria (A1.1-A1.3)
  • 5 Processing Integrity criteria (PI1.1-PI1.5)
  • 2 Confidentiality criteria (C1.1-C1.2)
  • 16 Privacy criteria (P1.1-P8.1)
  • SOC 2 Type I and Type II reporting
  • Points of focus for each criterion

Frequently asked questions about AICPA TSC (SOC 2)

What is AICPA TSC (SOC 2)?
AICPA criteria for evaluating controls over security, availability, processing integrity, confidentiality, and privacy of information systems. Applies to service organisations undergoing SOC 2 examinations.

Who does AICPA TSC (SOC 2) apply to?
AICPA TSC (SOC 2) applies to service organizations, SaaS providers, cloud service providers, data centers, managed service providers, technology companies, financial services firms, healthcare organizations.

How many obligations does AICPA TSC (SOC 2) contain?
AuditDSS has decomposed AICPA TSC (SOC 2) into 58 atomic obligations from 13 rules. Each obligation is independently testable and risk-scored.

What are the key requirements of AICPA TSC (SOC 2)?
The key requirements include: 33 Common Criteria (CC1-CC9) based on COSO framework, 3 Availability criteria (A1.1-A1.3), 5 Processing Integrity criteria (PI1.1-PI1.5), 2 Confidentiality criteria (C1.1-C1.2), 16 Privacy criteria (P1.1-P8.1), SOC 2 Type I and Type II reporting, Points of focus for each criterion.

How can I assess my AICPA TSC (SOC 2) compliance?
Upload your compliance policy to AuditDSS. The platform maps your document against all 58 AICPA TSC (SOC 2) obligations using deterministic AI scoring — not checklists or LLM summaries. You get a risk-scored gap analysis showing exactly which obligations are covered, partially covered, or missing.

Which jurisdiction enforces AICPA TSC (SOC 2)?
AICPA TSC (SOC 2) is enforced in United States by American Institute of Certified Public Accountants.

When did AICPA TSC (SOC 2) come into effect?
AICPA TSC (SOC 2) became effective on January 1, 2022.

What industry does AICPA TSC (SOC 2) apply to?
AICPA TSC (SOC 2) is primarily relevant to the Medical Devices & Diagnostics industry. AuditDSS covers 64 regulations in this industry sector.

Build a AICPA TSC (SOC 2) compliance pack

Don't have a compliance policy yet? AuditDSS generates a complete compliance pack for AICPA TSC (SOC 2) — alone or combined with other regulations your business needs. Every clause is mapped to specific obligations.

Policy

High-level commitments and governance framework covering AICPA TSC (SOC 2) requirements.

Procedures

Step-by-step operational procedures to implement each policy commitment.

Forms & checklists

Ready-to-use forms, registers, and checklists for day-to-day compliance operations.

Multi-regulation

Combine AICPA TSC (SOC 2) with other regulations into a single unified compliance pack for your business.

Build AICPA TSC (SOC 2) compliance pack

Already have a policy? Assess it against AICPA TSC (SOC 2)

1

Upload your document

Upload your compliance policy, program manual, or operational document. AuditDSS accepts any text-based document.

2

AI maps against 58 obligations

Your document is scored against every obligation in AICPA TSC (SOC 2). Each claim is mapped to the obligation tree and evaluated for coverage.

3

Risk-scored gap report

Receive every gap ranked by risk priority with remediation guidance, enforcement evidence, and cascade impact analysis.

Related regulations in Medical Devices & Diagnostics

🇺🇸 Live

Anti-Kickback Statute

38 rules, 1,238 obligations
🇦🇺 Live

ACL

13 rules, 211 obligations
🇦🇺 Live

AU Climate Disclosure

10 rules, 52 obligations
🇦🇺 Live

Fair Work Act 2009

16 rules, 260 obligations
🇦🇺 Live

Modern Slavery Act 2018

9 rules, 135 obligations
🇦🇺 Live

Privacy Act 1988

29 rules, 203 obligations
🇦🇺 Live

SOCI Act 2018

10 rules, 32 obligations
🇦🇺 Live

TGA Act 1989

13 rules, 199 obligations

Assess your AICPA TSC (SOC 2) compliance

Upload your document and get a risk-scored gap analysis against 58 AICPA TSC (SOC 2) obligations in under 5 minutes.

Start assessment Browse all regulations