medium
Single Answer

Kimon is the CISO for a major hospital system and is preparing to sign a contract with a software-as-a-service (SaaS) email vendor. He wants to perform a control assessment to ensure that the vendor's business continuity planning measures are reasonable. What type of audit might he request to meet this goal?

Answer Options

A. SOC 1

B. FISMA

C. PCI DSS

D. SOC 2

Correct Answer: D

Explanation

The System and Organization Controls audit program includes business continuity controls in a SOC 2, but not SOC 1, audit. Although FISMA and PCI DSS may audit business continuity, they would not apply to an email service used by a hospital.