Which of the following is a 'Privacy' control (as opposed to Security) in a SOC 2® engagement?

Answer options:

Firewall configuration.

Multi-factor authentication.

Procedures for handling data subject access requests (DSARs).

Antivirus software.

How to approach this question

Security = Protection. Privacy = Rights/Notice/Consent.

Full Answer

C.Procedures for handling data subject access requests (DSARs).✓ Correct

Privacy criteria focus on notice, choice and consent, collection, use, retention, and disposal, and access. Handling DSARs (Data Subject Access Requests) is a specific privacy requirement (e.g., GDPR, CCPA).

Common mistakes

Thinking encryption is purely privacy (it's a security tool used for confidentiality).

Question 76 All questions Question 78

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading

More questions from this exam

Q01A CPA is performing a risk assessment for a client that uses a public cloud provider for its core...Hard Q02During a walkthrough of a client's change management process, the auditor notes that developers h...Hard Q03A service organization provides a real-time transaction processing platform. The service level ag...Hard Q04An auditor is reviewing a SQL query used by the finance team to generate a report of all sales tr...Hard Q05A healthcare clearinghouse is preparing for a SOC 2® engagement. They utilize a private cloud dep...Hard

View all 82 questions →