CISSP · Question #1400
A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Wh
The correct answer is D. SOC 3. SOC 3 is a type of report that provides a high-level overview of the security program of a service organization, based on the Trust Services Criteria. SOC 3 is an abbreviated report that can be freely distributed to anyone, unlike SOC 1 and SOC 2 reports, which are restricted to
Question
Options
- ASOC 1
- BSOC 2 Type I
- CSOC 2 Type II
- DSOC 3
How the community answered
(24 responses)- B4% (1)
- D96% (23)
Explanation
SOC 3 is a type of report that provides a high-level overview of the security program of a service organization, based on the Trust Services Criteria. SOC 3 is an abbreviated report that can be freely distributed to anyone, unlike SOC 1 and SOC 2 reports, which are restricted to specified parties. SOC 3 does not include detailed testing procedures or results, unlike SOC 2 Type I and Type II reports, which provide more in-depth information about the design and operating effectiveness of the controls.
Topics
Community Discussion
No community discussion yet for this question.