ExpertMedium1 markMultiple Choice
CPA · Question 65 · Area III: SOC Engagements
A service organization wants a report to display on their website for potential customers to prove they are secure. The report should not contain sensitive technical details. Which report should they choose?
A service organization wants a report to display on their website for potential customers to prove they are secure. The report should not contain sensitive technical details. Which report should they choose?
Answer options:
A.
SOC 1 Type II
B.
SOC 2 Type II
C.
SOC 3
D.
SOC 2 Type I
How to approach this question
Keywords: 'Website', 'Public', 'No details'.
Full Answer
C.SOC 3✓ Correct
SOC 3 is a general-use report that covers the same criteria as SOC 2 but omits the detailed testing results and system description, making it suitable for public distribution.
Common mistakes
Thinking SOC 2 can be posted publicly (it is restricted use).
Practice the full CPA ISC Practice Exam 5
82 questions · hints · full answers · grading
More questions from this exam
Q01A service organization provides a cloud-based payroll processing application to its user entities...MediumQ02An auditor is reviewing the shared responsibility model for a client using an Infrastructure as a...HardQ03A financial institution requires a cloud deployment model that offers the highest level of contro...MediumQ04During an IT audit, you observe that a company uses a 'Hybrid Cloud' architecture. Which scenario...MediumQ05Which component of IT architecture is primarily responsible for translating domain names (like ww...Easy