Exam CISSP topic 1 question 15 discussion

Actual exam question from ISC's CISSP
Question #: 15
Topic #: 1

When reviewing vendor certifications for handling and processing of company data, which of the following is the BEST Service Organization Controls (SOC) certification for the vendor to possess?

  • A. SOC 1 Type 1
  • B. SOC 2 Type 1
  • C. SOC 2 Type 2
  • D. SOC 3
Suggested Answer: C 🗳️

Comments

dev46
Highly Voted 1 year, 7 months ago
C is correct - sharing my notes from Prabh Nair (check out his coffee shot video). There is no type 1 or 2 for SOC 3, and it's used as a high-level report generally available on public domain/website. SOC 1 & 2 have type 1 and type 2. Type 1 is the design of control while Type 2 is the effectiveness of the control. SOC 1 is good for financial/books of account. SOC 2 talks about IT
upvoted 8 times
jackdryan
1 year ago
C is correct
upvoted 2 times
...
...
BituBaba
Most Recent 12 months ago
Answer is C: When reviewing vendor certifications for handling and processing of company data, the best Service Organization Controls (SOC) certification for the vendor to possess is the SOC 2 Type II certification. This certification is the most stringent in regards to data security and privacy, and is the most highly sought after by companies. It provides assurance that the vendor has appropriate processes, procedures, and controls in place for the data that they process. It also provides assurance to customers that the vendor is upholding the standards set by the American Institute of Certified Public Accountants (AICPA). The SOC 2 Type II certification is the gold standard in regards to data security and privacy, and is the best certification a vendor can possess.
upvoted 2 times
...
JohnyDal
1 year, 3 months ago
I think the answer is D (SOC3) because SOC2 reports are always for internal mgmt, not for outsiders. Here, we are the outsiders and the organization will only share SOC3 with us. SOC3 reports are always type-II.
upvoted 1 times
...
Overizzy
1 year, 5 months ago
Selected Answer: C
C is my answer based on the data protection purposes of SOC 2 Type II. SOC 2 offers a Type 1 and Type 2 report. The Type 1 report is a point-in-time snapshot of your organization’s controls, validated by tests to determine if the controls are designed appropriately. The Type 2 report looks at the effectiveness of those same controls over a more extended period - usually 12 months.
upvoted 3 times
...
Eltooth
1 year, 6 months ago
Selected Answer: C
C is correct answer.
upvoted 1 times
...
DButtare
1 year, 7 months ago
Selected Answer: C
Data handling is SOC2 type 1 or 2 but type 2 is preferred. SOC 2 Type II (3 - 12 months monitoring period). Assesses the effectiveness of security processes by observing operations for at least three months. 6 - 12 months recommended.
upvoted 2 times
...
franbarpro
1 year, 7 months ago
Selected Answer: C
Yep - I like C
upvoted 2 times
...
Toa
1 year, 7 months ago
C https://www.strongdm.com/blog/soc-1-vs-soc-2
upvoted 4 times
jackrj87
1 month ago
min 6 month
upvoted 1 times
...
...
kazeiya
1 year, 7 months ago
Selected Answer: C
C is correct
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted