nerdexam
(ISC)2

CISSP · Question #1400

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Wh

The correct answer is D. SOC 3. SOC 3 is a type of report that provides a high-level overview of the security program of a service organization, based on the Trust Services Criteria. SOC 3 is an abbreviated report that can be freely distributed to anyone, unlike SOC 1 and SOC 2 reports, which are restricted to

Submitted by daniela_cl· Mar 5, 2026Security Assessment and Testing

Question

A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?

Options

  • ASOC 1
  • BSOC 2 Type I
  • CSOC 2 Type II
  • DSOC 3

How the community answered

(24 responses)
  • B
    4% (1)
  • D
    96% (23)

Explanation

SOC 3 is a type of report that provides a high-level overview of the security program of a service organization, based on the Trust Services Criteria. SOC 3 is an abbreviated report that can be freely distributed to anyone, unlike SOC 1 and SOC 2 reports, which are restricted to specified parties. SOC 3 does not include detailed testing procedures or results, unlike SOC 2 Type I and Type II reports, which provide more in-depth information about the design and operating effectiveness of the controls.

Topics

#SOC reports#compliance#auditing#third-party risk

Community Discussion

No community discussion yet for this question.

Full CISSP Practice