Listen to: "What are Webtrust and Systrust?"
Your Customers Rely on Your Organization to Maintain a Safe Online Environment
Each time a loyal customer decides to engage with your organization, they are taking a risk by providing their personal information. Of course that is true anytime someone enters the cyber world, but when customers put their faith in your brand, it is essential that you do everything possible to protect their information and maintain trust and confidence.
The American Institute of Chartered Public Accountants (AICPA), along with the Canadian Institute of Chartered Accountants (CICA), understand the need for businesses to honor and protect consumers’ personal data during online transactions and other communications. Together, these entities have put forth a set of globally recognized standards, which include availability, privacy, confidentiality, security, business practices and transaction integrity, and non-repudiation.
How Do Trust Service Principles and SOC 2 and SOC 3 Reports Tie in with WebTrust and SysTrust?
The confidence-focused standards that AICPA and CICA.ca have established serve to create and foster consumer confidence have become known as Trust Service Principles. These criteria make up the frame work to monitor an organization’s service organization controls (SOC), thus work as the foundation for SOC 2 and SOC 3 reports for internal and external audits.
With these firm guidelines in place, it makes it easier for in-house auditors or outside consultants to objectively evaluate various controls that give them the best and most comprehensive understanding of the organization’s adherence to controls that include security, availability, processing integrity of a system, and the confidentiality and privacy of the information processed by the system.
With a focus on e-commerce and other online consumer-centered interactions, Trust Service Principles offer transparency to consumers by providing a set of best practices to protect them against security leaks, lost sales, and damaged data. WebTrust and SysTrust are the most common reports, based on the Trust Principles, used to provide reports to internet-based customers.
What is WebTrust?
As one of two reports available, based on the Trust Service Principles, to instill and maintain strong consumer confidence when conducting e-commerce transactions, WebTrust uses several criteria to help evaluation the overall characteristics of a company’s online transaction environment.
IT leaders and outside auditors rely on the following criteria when performing evaluations:
- Security. Your system is safe from all forms of unauthorized access, whether internal or external or physical or intellectual. Continually monitor the latest and most effective safety measures that you and your team can take to ensure optimal protection for your customers’ peace of mind, as well as your own.
- Availability. Your system is available, according to commitments or agreements, for use and operation. It is important to regularly review the service levels outlined in your agreements with each of your online customers. Not only does this keep you in good standing with your customers, but it is also attractive to your Application Service Provider (ASP).
- Processing Integrity.You have made sure that system processing is complete, accurate, timely, and properly authorized. Knowing that each transaction will go through successfully and safely is another attractive and confidence-building quality that customers appreciate and remember. Anything that buoys customers’ trust in the online buying experience adds to their likelihood of returning for additional business.
- Confidentiality. Always a cornerstone of consumer trust-building, your work to protect business-to-business information is essential to the process. When your customers know that you have safeguards in place to protect their personal data from any type of intrusion, they are more likely to return for additional business transactions.
- Privacy. Collecting personal data is an organic part of e-commerce and other online transactions. However, it takes a leap of faith for many customers to trust the process in the first place, but when they see news reports of hacking and stolen data, it is critical that you assure them that you do everything possible to protect their confidential information that they disclose to carry out transactions, per your mutual agreement.
- Non-Repudiation. More of a benefit for your organization, non-repudiation still works to build mutual trust between you and your customers. Confirming customers’ ability to pay for online transactions helps protect your revenues, as well as your relationships with your customers.
Many companies feature a seal of WebTrust certification on their website to let customers know that they are in compliance right away.
What Is SysTrust?
Trimming the Trust Services Principles down to three vital criteria, the SysTrust engagement “is designed to increase the comfort of management, customers, and business partners with systems that support a business or particular activity.”
A SysTrust engagement brings focus to the following three pieces of information to help build consumer trust:
- Integrity. Provide the best and most consistent system processing, making sure each transaction is complete, accurate, timely, and authorized.
- Security. Keep your system safe by following the most current security trends to guard against any potential threat to your business’s system against various threats.
- Availability. Monitor your agreement with your customer and always ensure that your system is available at the agreed service level.
Once completing a series of tests for the evaluation, the auditor or assessment professional gives an opinion on the maintenance and effectives of the service organization controls with the use of the SysTrust assurance service.
WebTrust and SysTrust Can Serve as the Frame Work for Your Next SOC 3 Report
Either assurance service, WebTrust or SysTrust, can serve as the series of criteria you want to use for your next SOC 3 report, which provides an opinion letter and your organization’s details covering your internal control environment.
If you need help deciding which assurance service your organization needs, I.S. Partners, LLC. can help. Contact us to learn more about Trust Service Principles and SOC 3 reports, and how they help your organization build solid relationships with your customers.