In a SOC 2® engagement, which of the following is a 'Trust Services Criterion' related to Privacy?

Answer options:

System processing is complete, valid, accurate, timely, and authorized.

Information is protected from unauthorized access.

Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.

Information designated as confidential is protected.

How to approach this question

Privacy = Personal Data (PII). Confidentiality = Business Secrets. Security = Access. Processing Integrity = Accuracy.

Full Answer

C.Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.✓ Correct

Personal information is collected, used, retained, disclosed, and disposed of to meet the entity's objectives.

The Privacy criterion specifically addresses the collection, use, retention, disclosure, and disposal of personal information in conformity with the entity's privacy notice.

Common mistakes

Confusing Privacy (People) with Confidentiality (Business Data).

Question 41 All questions Question 43

Practice the full CPA ISC Practice Exam 4

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is advising a client who is migrating their legacy on-premise ERP system to a cloud environ...Hard Q02An auditor is reviewing the Service Level Agreement (SLA) for a client using a public cloud provi...Hard Q03A company uses an Infrastructure as a Service (IaaS) model. During an IT audit, the auditor disco...Hard Q04An organization is implementing the COSO Enterprise Risk Management (ERM) framework to govern its...Hard Q05During a walkthrough of an order-to-cash process, the auditor observes that the sales manager can...Hard

View all 82 questions →