ExpertMedium1 markMultiple Choice
CPA · Question 32 · Area III: SOC Engagements
In a SOC 2® engagement, which of the following Trust Services Criteria is MANDATORY for every report?
In a SOC 2® engagement, which of the following Trust Services Criteria is MANDATORY for every report?
Answer options:
A.
Security (Common Criteria)
B.
Availability
C.
Privacy
D.
Processing Integrity
How to approach this question
Security is the 'Common Criteria'. You cannot have a SOC 2 without Security.
Full Answer
A.Security (Common Criteria)✓ Correct
The Security criteria (referenced as the Common Criteria) are required for all SOC 2 engagements. Management selects which of the other four (Availability, Processing Integrity, Confidentiality, Privacy) to include based on user needs.
Common mistakes
Thinking Availability is mandatory.
Practice the full CPA ISC Practice Exam
82 questions · hints · full answers · grading
More questions from this exam
Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...HardQ02During a walkthrough of a client's change management process, the auditor notes that developers h...HardQ03A service organization provides a real-time transaction processing platform. The service level ag...HardQ04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...HardQ05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard