Certified Cloud Security Professional (CCSP) — Question 207

Unlike SOC Type 1 reports, which are based on a specific point in time, SOC Type 2 reports are done over a period of time. What is the minimum span of time for a SOC Type 2 report?

Answer options

• A. Six months
• B. One month
• C. One year
• D. One week

Correct answer: A

Explanation

The correct answer is A, as SOC Type 2 reports must cover a minimum time span of six months to effectively assess the controls over that period. Options B, C, and D do not meet the required duration for a SOC Type 2 report, making them incorrect.