Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » SAS 70

SAS 70

SAS 70 is a standard developed by the American Institute of Certified Public Accountants (AICPA) to evaluate the security controls of service organizations. It guides them and their auditors to demonstrate the effectiveness of their controls to their clients and their clients’ auditors.

SAS 70 is currently replaced by the Statement on Standards for Attestation Engagements (SSAE) 18, which is the current standard for evaluating the controls of service organizations. While the SSAE 18 standard includes the same types of evaluations as SAS 70, it is updated to align with current industry best practices and to reflect changes in technology and the business environment.

Today, SOC 2 audits follow the SSAE 18 standard rather than SAS 70.

Additional reading

Benefits and Challenges of PCI DSS in 2025

As a company with its assets on the cloud, you know that every move you make has the potential to be a game-changer for your business. From marketing campaigns to production processes, you’ve probably invested a lot of time and effort into creating detailed strategies for success.  But have you considered how getting PCI DSS…

Types of Security Models: All you need to know

Security models offer a blueprint for how security should be applied within organizations to ensure data confidentiality for both them and their consumers. In this article, we will take a deep dive into the security models and their various types. What are security models? Information security models are systems that specify which people should have…

Due Diligence Questionnaire: Key Insights, Best Practices, and Examples for Compliance

TL,DR: A due diligence questionnaire (DDQ) is a structured set of questions evaluating a vendor’s security controls, regulatory compliance, operational stability, and data protection practices before investments, mergers, or partnerships DDQs cover security policies and governance, data protection and privacy practices, regulatory compliance status, incident response capabilities, business continuity planning, and third-party relationship management Best…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.

Contact sales