For Individuals For Educators

Ace your certifications with Practice Exams and AI assistance.

Browse Exams
For Educators
Blog

Privacy Policy
Terms of Service
Cookie Policy
Support

AWS SAA Exam Prep
PMI PMP Exam Prep
CPA Exam Prep
GCP PCA Exam Prep

© 2026 TinyHive Labs. Company number 16262776.

Practice CPA®CPA ISC Practice Exam 2Question 73

Medium1 markMultiple Choice

Area III: SOC EngagementsSOC EngagementsArea III

CPA · Question 73 · Area III: SOC Engagements

Which of the following is a requirement of the 'Privacy' Trust Services Criterion?

Answer options:

A.

Data is encrypted at rest.

B.

Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity's privacy notice.

C.

System processing is valid and accurate.

D.

The system is protected against unauthorized access.

How to approach this question

Link Privacy to 'Notice' and 'Consent'.

Full Answer

B.Personal information is collected, used, retained, disclosed, and disposed of in conformity with the entity's privacy notice.✓ Correct

The Privacy criterion is distinct from Confidentiality because it deals with personal data and the specific promises made to the data subject.

Common mistakes

Confusing Privacy with Confidentiality.

Question 72 All questions Question 74

Practice the full CPA ISC Practice Exam 2

82 questions · hints · full answers · grading

Sign up free Take the exam

More questions from this exam

Q01A service organization provides a cloud-based payroll platform where clients access the software ...Medium Q02An auditor is reviewing the backup strategy for a financial institution that requires a Recovery ...Hard Q03During a walkthrough of the change management process, an auditor observes that developers have w...Medium Q04An auditor is reviewing a SQL query used to generate a list of active customers for a marketing c...Hard Q05Which of the following entities is considered a 'Covered Entity' under the HIPAA Privacy Rule?Medium

View all 82 questions →