A cloud hosting provider would like to provide a Service Organization Control (SOC) report relevant to its security program. This report should an abbreviated report that can be freely distributed. Which type of report BEST meets this requirement?
SOC 3 is a type of report that provides a high-level overview of the security program of a service organization, based on the Trust Services Criteria. SOC 3 is an abbreviated report that can be freely distributed to anyone, unlike SOC 1 and SOC 2 reports, which are restricted to specified parties. SOC 3 does not include detailed testing procedures or results, unlike SOC 2 Type I and Type II reports, which provide more in-depth information about the design and operating effectiveness of the controls . References: [CISSP CBK, Fifth Edition, Chapter 1, page 51]; [2024 Pass4itsure CISSP Dumps, Question 9].
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit