Certified Information Systems Security Professional – CISSP – Question293

Which of the following is true of Service Organization Control (SOC) reports?

A.
SOC 1 Type 2 reports assess the security, confidentiality, integrity, and availability of an organization’s controls
B. SOC 2 Type 2 reports include information of interest to the service organization’s management
C. SOC 2 Type 2 reports assess internal controls for financial reporting
D. SOC 3 Type 2 reports assess internal controls for financial reporting

Correct Answer: B

Explanation: