CompTIA Security+ (SY0-601) — Question 52

The Chief Information Security Officer (CISO) has requested that a third-party vendor provide supporting documents that show proper controls are in place to protect customer data. Which of the following would be BEST for the third-party vendor to provide to the CISO?

Answer options

• A. GDPR compliance attestation
• B. Cloud Security Alliance materials
• C. SOC 2 Type 2 report
• D. NIST RMF workbooks

Correct answer: C

Explanation

The SOC 2 Type 2 report is specifically designed to evaluate the effectiveness of controls over a period of time, making it the most relevant document for demonstrating ongoing customer data protection. While GDPR compliance attestation, Cloud Security Alliance materials, and NIST RMF workbooks provide valuable information, they do not focus on the operational effectiveness of controls like the SOC 2 Type 2 report does.