Certified Information Systems Security Professional (CISSP) — Question 443
What industry-recognized document could be used as a baseline reference related to data security and business operations, or for conducting a security assessment?
Answer options
- A. Service Organization Control (SOC) 1 Type 2
- B. Service Organization Control (SOC) 1 Type 1
- C. Service Organization Control (SOC) 2 Type 2
- D. Service Organization Control (SOC) 2 Type 1
Correct answer: D
Explanation
The correct answer is D, as SOC 2 Type 1 reports provide an evaluation of a service organization's systems and the suitability of the design of its controls related to data security. Options A, B, and C do not specifically address the combination of data security and business operations in the same comprehensive manner that SOC 2 Type 1 does.