Certified Information Systems Security Professional (CISSP) — Question 457
An international organization has decided to use a Software as a Service (SaaS) solution to support its business operations. Which of the following compliance standards should the organization use to assess the international code security and data privacy of the solution?
Answer options
- A. Service Organization Control (SOC) 2
- B. Information Assurance Technical Framework (IATF)
- C. Health Insurance Portability and Accountability Act (HIPAA)
- D. Payment Card Industry (PCI)
Correct answer: A
Explanation
The correct answer is A. A SOC 2 report is an independent attestation, issued by a CPA firm under the AICPA Trust Services Criteria, that a service organization's controls meet the criteria for security and, where included in scope, availability, processing integrity, confidentiality and privacy. It is the report customers normally request from a SaaS provider to assess the provider's security and data-privacy controls, and although it originates in the United States it is widely accepted by organizations in other countries. The other options do not fit a general SaaS assessment: IATF is U.S. National Security Agency guidance on engineering information-assurance solutions, not an audit or compliance standard; HIPAA is a U.S. law covering protected health information and applies only if the solution handles such data; PCI DSS covers cardholder data and applies only to payment-card processing.
In practice, when reviewing a vendor's SOC 2 report, request the Type II report (controls tested over a period, typically six to twelve months) rather than a Type I (control design at a point in time), confirm which Trust Services Criteria are in scope (many reports cover Security only, and Privacy must be explicitly included), read the auditor's opinion and any noted exceptions, and review the complementary user entity controls that the customer is expected to operate. Since 2017 the AICPA has expanded the acronym to System and Organization Controls, but the exam still uses the older name shown in the question.