For purposes of this document, the following terms have the meanings attributed as follows:

• applicable trust services criteria. The criteria codified in TSP section 100, 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy, which are used to evaluate controls relevant to the trust services category or categories included within the scope of the examination.
• board or board of directors. Individuals with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. Depending on the nature of the entity, such responsibilities may be held by a board of directors or supervisory board for a corporation, a board of trustees for a not‐for‐profit entity, a board of governors or commissioners for a government entity, general partners for a partnership, or an owner for a small business.
• boundaries of the system (or system boundaries). The boundaries of a system are the specific components of an entity's infrastructure, software, people, procedures, and data that produce, manufacture, or distribute the product. When systems for multiple services share infrastructure, software, people, procedures, and data, the systems will overlap; however, the boundaries of each system will differ.
• business partner. An individual or business (and its employees), other than ...