SysTrust, SAS 70 and SOC: What’s the Difference?



Jim Brashear

Since 2003, ZixCorp has maintained SysTrust certification and SAS 70 accreditation. During our annual renewal process this year, ZixCorp transitioned to the industry’s new credentials - SOC3/SysTrust certification and SOC2 accreditation - associated with revisions to the AICPA standards. Why the change?

A Shift in Standards
Developed by the American Institute of CPAs (AICPA), SAS 70 was originally put in place as an audit report standard for financial organizations that have and use financial controls. SAS 70 was NOT originally designed as an audit standard for service organization controls for security, availability, integrity and confidentiality.

To accommodate the increasing market need for service organization standards, AICPA revised SAS 70, as well as the professional assurance standard SysTrust. In 2011, SAS 70 and SysTrust were officially replaced by Service Organization Controls (SOC) reports.

For additional details on the replacement of SAS 70 and SysTrust reports with SOC reports, please watch this educational video published by AICPA.

Added Confidence
In addition to our SOC3/SysTrust certification and SOC2 accreditation, ZixCorp has achieved the highest PCI standard with Level 1 compliance based on DSS version 2.0. The Payment Card Industry (PCI) Data Security Standards (DSS) were developed to assist organizations in meeting the highest standards for data privacy and security when transmitting payment card information. ZixCorp originally received PCI Level 1, DSS V2.0 certification in March 2011 and renews its certification on an annual basis.

What You Need to Know
ZixCorp is the only email encryption provider with SOC3/SysTrust certification, SOC2 accreditation and PCI Level 1, DSS V2.0 certification. We’ve worked hard to gain the trust of the nation’s most influential healthcare, financial services and government organizations, and we continue to keep their loyalty by providing leading email encryption services with the highest standards of security, confidentiality, availability and integrity.

For more information about our standards, please view the ZixCorp Certification & Accreditation Web page and datasheet.