5. Regarding the reports on controls at service organizations (SOC Reports), which of the following statements is not true? (A) An SOC 1 report, Report on Controls at a Service Organization Relevant to User Entities' Internal Control Over Financial Reporting, is intended to meet the needs of user entities and their auditors. (B) SOC 1 Reports are used to plan and perform audits of the user entity's financial statements by user auditors. (C) The SOC 1 guidance for service auditors and the guidance for user auditors are both in the attestation standards. (D) SOC 2 Reports report about controls at a service organization that affect the security, availability, and processing integrity of the systems the service organization uses to process users' data and the confidentiality and privacy of the information processed by these systems.