Which kind of SSAE audit report is a cloud customer most likely to receive from a cloud provider?
Which kind of SSAE audit report is a cloud customer most likely to receive from a cloud provider?
The most likely SSAE audit report a cloud customer would receive from a cloud provider is a SOC 2 Type 2 report. This type of report focuses on the internal controls relevant to security, availability, and confidentiality of the cloud service, which are critical factors for cloud customers. SOC 1 reports are more about financial reporting, which is less relevant in this context. SOC 3 reports are more general and provide less detail about the internal controls. Hence, SOC 2 Type 2 is the most suitable and valuable for cloud customers assessing potential service providers.
they are not irrelevant but they are restricted use so if you see soc 3 and general use select soc 3.
Disagree that SoC 1 reports are irrelevant to a cloud customer.
This is from the "ISC2 Official Guide to CCSP CBK - 2nd Edition". The answer is 'C'