What are SOC 1/SOC 2/SOC 3? A. Audit reports B. Risk management frameworks C. Access controls D. Software developments
Correct Answer: A
Explanation:
Explanation: An SOC 1 is a report on controls at a service organization that may be relevant to a user entity’s internal control over financial reporting. An SOC 2 report is based on the existing SysTrust and WebTrust principles. The purpose of an SOC 2 report is to evaluate an organization’s information systems relevant to security, availability, processing integrity, confidentiality, or privacy. An SOC 3 report is also based on the existing SysTrust and WebTrust principles, like a SOC 2 report. The difference is that the SOC 3 report does not detail the testing performed.
Please disable your adblocker or whitelist this site!