Certified Cloud Security Professional – CCSP – Question269

Different types of audits are intended for different audiences, such as internal, external, regulatory, and so on.
Which of the following audits are considered "restricted use" versus being for a more broad audience?

A.
SOC Type 2
B. SOC Type 1
C. SOC Type 3
D. SAS-70

Correct Answer: B

Explanation:

Explanation: SOC Type 1 reports are intended for restricted use, only to be seen by the actual service organization, its current clients, or its auditors. These reports are not intended for wider or public distribution.SAS-70 audit reports have been deprecated and are no longer in use, and both the SOC Type 2 and 3 reports are designed to expand upon the SOC Type 1 reports and are for broader audiences.