Certified Cloud Security Professional – CCSP – Question123

Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

A.
Six months
B. One month
C. One year
D. One week

Correct Answer: A

Explanation:

Explanation: SOC Type 2 reports are focused on the same policies and procedures, as well as their effectiveness, as SOC Type 1 reports, but are evaluated over a period of at least six consecutive months, rather than a finite point in time.