This supplement contains authoritative AICPA Assurance Services Executive Committee material.

The trust services criteria for security, availability, processing integrity, con‐ fidentiality, and privacy and the related points of focus in this supplement have been extracted from TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, is‐ sued in April 2017 by the AICPA's Assurance Services Executive Committee.¹ The complete text may be found at https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/socforserviceorganizations.html.

The following table presents the trust services criteria and the related points of focus for security, availability, processing integrity, confidentiality, and privacy. Any of these categories may be applicable to a SOC for Supply Chain examina‐ tion. In the table, criteria and related points of focus that come directly from the Committee of Sponsoring Organizations of the Treadway Commission's 2013 Internal Control — Integrated Framework (COSO framework)² are presented using a normal font. In contrast, criteria and points of focus that apply to en‐ gagements using the trust services criteria are presented in italics.