Easy · 1 mark · Multiple Choice
CPA · Question 28 · Area III: SOC Engagements
In a SOC 2® engagement, which Trust Services Criteria category is MANDATORY for every report?
Answer options:
A. Security
B. Availability
C. Confidentiality
D. Privacy
How to approach this question
Recall the Common Criteria rule.
Full Answer
A. Security ✓ Correct
The Security category (also known as the Common Criteria) is the foundation of the Trust Services Criteria and is required for every SOC 2® engagement. Availability, Processing Integrity, Confidentiality, and Privacy are optional based on the service provided.
Common mistakes
Thinking all 5 criteria are mandatory.
Practice the full CPA ISC Practice Exam 3