CCSP · Question #181
CCSP Question #181: Real Exam Question with Answer & Explanation
The correct answer is D: SOC 3. SOC 3 reports are designed for public consumption and provide a general-use attestation of a service organization's controls over security, availability, processing integrity, confidentiality, or privacy, without revealing sensitive system details.
Question
Which SSAE 16 audit report is simply an attestation of audit results?
Options
- ASOC 1
- BSOC 2, Type 1
- CSOC 2, Type 2
- DSOC 3
Explanation
SOC 3 reports are designed for public consumption and provide a general-use attestation of a service organization's controls over security, availability, processing integrity, confidentiality, or privacy, without revealing sensitive system details.
Common mistakes.
- A. SOC 1 reports focus on controls relevant to a user entity's financial reporting and are restricted to specific parties like the user entity and its financial auditors.
- B. SOC 2, Type 1 reports detail a service organization's system and the suitability of the design of its controls at a specific point in time, providing comprehensive information beyond a simple attestation.
- C. SOC 2, Type 2 reports provide a detailed description of a service organization's system and the operating effectiveness of its controls over a period of time, making them far more detailed than a simple attestation.
Concept tested. Types of SOC reports and their audience/purpose
Reference. https://www.aicpa.org/interestareas/frc/assuranceadvisoryservices/sorhomedescription.html
Topics
Community Discussion
No community discussion yet for this question.