Free ISC2 CCSP Actual Exam Questions - Question 10 Discussion

Option C makes the most sense here since SOC 1 reports are all about internal controls over financial reporting. The "Type 1" part means it’s a snapshot of those controls at a particular date, not ongoing effectiveness. Privacy and PII stuff usually show up in SOC 2 reports instead, so options B and D don’t really fit. Integrity is broad and not the main focus either, so that leaves financial controls as the clear focus for SOC 1 Type 1 reports.

C SOC Type 1 reports are definitely tied to financial controls, focusing on how well those controls are designed at a specific point in time. The other options like privacy or PII usually relate more to SOC 2 or other types of reports. So, C makes the most sense here if we're talking strictly about SOC 1.

D imo, seems like SOC Type 1 is all about those controls related to privacy stuff, not the financial or PII-specific ones.