CPA Exam Lab
Section 3: 15–25% | I12

Trust Services Criteria and SOC 2 Reporting

Exam Insight

The trust services criteria define the subject matter of every SOC 2 and SOC 3 engagement, and the ISC exam expects you to know the five categories, which one is always required, and how the criteria are structured. Understanding the components of a SOC 2 report lets you navigate questions about what the report contains and who is responsible for each part.

CPA Exam Lab is an independent study resource and is not affiliated with, endorsed by, or sponsored by the AICPA® or NASBA. Practice questions are original content created for study purposes. “CPA” is a registered trademark of the AICPA.

What AICPA Wants You to Know

  1. Name and describe the five trust services criteria categories.
  2. Explain why security (the common criteria) is always included in a SOC 2 examination.
  3. Distinguish the common criteria from the category-specific (supplemental) criteria.
  4. Describe the role of points of focus in applying the trust services criteria.
  5. Identify the four key components of a SOC 2 report.
  6. Match a customer concern (uptime, data accuracy, confidentiality, personal data) to the correct trust services category.