Certified Cloud Security Professional – CCSP – Question351

SOC Type 1 reports are considered "restricted use," in that they are intended only for limited audiences and purposes.
Which of the following is NOT a population that would be appropriate for a SOC Type 1 report?

A.
Current clients
B. Auditors
C. Potential clients
D. The service organization

Correct Answer: C

Explanation:

Explanation: Potential clients are not served by SOC Type 1 audits. A Type 2 or Type 3 report would be appropriate for potential clients. SOC Type 1 reports are intended for restricted use, where only the service organization itself, current clients, or auditors would have access to them.