ExpertHard1 markMultiple Choice
CPA · Question 42 · Area III: SOC Engagements
In a SOC 2® engagement, which of the following is a 'Trust Services Criterion' related to Privacy?
In a SOC 2® engagement, which of the following is a 'Trust Services Criterion' related to Privacy?
Answer options:
A.
System processing is complete, valid, accurate, timely, and authorized.
B.
Information is protected from unauthorized access.
C.
Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.
D.
Information designated as confidential is protected.
How to approach this question
Privacy = Personal Data (PII). Confidentiality = Business Secrets. Security = Access. Processing Integrity = Accuracy.
Full Answer
C.Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.✓ Correct
The Privacy criterion specifically addresses the collection, use, retention, disclosure, and disposal of personal information in conformity with the entity's privacy notice.
Common mistakes
Confusing Privacy (People) with Confidentiality (Business Data).
Practice the full CPA ISC Practice Exam 4
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...HardQ02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...HardQ03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...HardQ04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...HardQ05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard