ISC2 CISSP Exam - Topic 7 Question 118 Discussion

Actual exam question for ISC2's CISSP exam

Question #: 118
Topic #: 7

Which reporting type requires a service organization to describe its system and define its control objectives and controls that are relevant to users internal control over financial reporting?

AStatement on Auditing Standards (SAS)70

BService Organization Control 1 (SOC1)

CService Organization Control 2 (SOC2)

DService Organization Control 3 (SOC3)

Show Suggested Answer

Suggested Answer: B

Service Organization Control 1 (SOC1) is a report that provides information about the controls at a service organization that may affect the user entities' internal control over financial reporting. It is intended for users who have a reasonable understanding of the nature and significance of the service provided, the service organization's system, and the applicable trust services criteria. A SOC 1 report can help an organization evaluate the effectiveness of the service organization's controls that are relevant to users internal control over financial reporting.

by Alison at May 30, 2026, 03:13 AM

Limited Time Offer

25%

Off

Get Premium CISSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!