Certificate of Cloud Auditing Knowledge (CCAK) — Question 161

Which of the following standards is MOST relevant for assurance over trust principles applicable to cloud security auditing?

Answer options

• A. ISO 27002
• B. ISO 27001
• C. SOC 2
• D. SOC 1

Correct answer: C

Explanation

SOC 2 is specifically designed to assess service providers' controls related to security, availability, processing integrity, confidentiality, and privacy, making it the most relevant standard for cloud security auditing. ISO 27001 and ISO 27002 focus on information security management systems and their implementation, while SOC 1 pertains to financial reporting and does not cover the necessary trust principles for cloud security.