nerdexam
(ISC)2

CISSP · Question #1407

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Program

The correct answer is A. Processing Integrity. Processing integrity is one of the five trust service principles that are used to evaluate the security controls of a service organization in a SOC 2 audit. Processing integrity refers to the completeness, validity, accuracy, timeliness, and authorization of the system's processi

Submitted by diego_uy· Mar 5, 2026Security Assessment and Testing

Question

An organization contracts with a consultant to perform a System Organization Control (SOC) 2 audit on their internal security controls. An auditor documents a finding related to an Application Programming Interface (API) performing an action that is not aligned with the scope or objective of the system. Which trust service principle would be MOST applicable in this situation?

Options

  • AProcessing Integrity
  • BAvailability
  • CConfidentiality
  • DSecurity

How the community answered

(56 responses)
  • A
    88% (49)
  • B
    4% (2)
  • C
    2% (1)
  • D
    7% (4)

Explanation

Processing integrity is one of the five trust service principles that are used to evaluate the security controls of a service organization in a SOC 2 audit. Processing integrity refers to the completeness, validity, accuracy, timeliness, and authorization of the system's processing of data and transactions. An API that performs an action that is not aligned with the scope or objective of the system violates the processing integrity principle, because it may compromise the quality, reliability, and consistency of the system's output. The other trust service principles are availability, confidentiality, security, and privacy.

Topics

#SOC 2#Trust Service Principles#processing integrity#auditing

Community Discussion

No community discussion yet for this question.

Full CISSP Practice