Certified Cloud Security Professional (CCSP) — Question 470

Which of the following is the primary purpose of an SOC 3 report?

Answer options

• A. HIPAA compliance
• B. Absolute assurances
• C. Seal of approval
• D. Compliance with PCI/DSS

Correct answer: C

Explanation

The SOC 3 report primarily serves as a public document that provides a seal of approval for a service organization's controls and their effectiveness. Options A, B, and D refer to specific compliance requirements or guarantees that are not the focus of an SOC 3 report.