ExpertMedium1 markMultiple Choice
CPA · Question 35 · Area III: SOC Engagements
A service organization provides a cloud-based accounting platform. They want to assure their customers that the system is available and confidential. However, they do not want to reveal the detailed results of their control testing to the general public. Which report is MOST appropriate?
A service organization provides a cloud-based accounting platform. They want to assure their customers that the system is available and confidential. However, they do not want to reveal the detailed results of their control testing to the general public. Which report is MOST appropriate?
Answer options:
A.
SOC 1® Type II
B.
SOC 2® Type II
C.
SOC 3®
D.
SOC for Cybersecurity
How to approach this question
Match 'General Public' + 'No Details' to SOC 3.
Full Answer
C.SOC 3®✓ Correct
A SOC 3® report is a general-use report that provides only the auditor's opinion on whether the system achieved the Trust Services Criteria. It does not include the detailed description of tests and results found in a SOC 2®, making it suitable for public marketing.
Common mistakes
Confusing SOC 2 (Restricted Use) with SOC 3 (General Use).
Practice the full CPA ISC Practice Exam 3
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud-based s...MediumQ02During a review of a client's cloud governance structure, an auditor notes that the client uses a...MediumQ03An auditor is evaluating the 'Processing Integrity' principle for a financial institution's loan ...HardQ04A company uses a batch processing system to update inventory records overnight. The 'Grandfather-...HardQ05During a walkthrough of the change management process, an auditor observes that the 'Developer' r...Medium