Glossary of Compliance

Compliance Glossary

Our list of curated compliance glossary offers everything you to know about compliance in one place.

Glossary » SOC 2 » SAS 70

SAS 70

SAS 70 is a standard developed by the American Institute of Certified Public Accountants (AICPA) to evaluate the security controls of service organizations. It guides them and their auditors to demonstrate the effectiveness of their controls to their clients and their clients’ auditors.

SAS 70 is currently replaced by the Statement on Standards for Attestation Engagements (SSAE) 18, which is the current standard for evaluating the controls of service organizations. While the SSAE 18 standard includes the same types of evaluations as SAS 70, it is updated to align with current industry best practices and to reflect changes in technology and the business environment.

Today, SOC 2 audits follow the SSAE 18 standard rather than SAS 70.

Additional reading

Top 8 OneTrust Alternatives: Compare Competitor Pros, Cons, & Features

Choosing a compliance tool can take you down a rabbit hole of options and marketing gimmicks. With each solution claiming to be the best out there, choosing the right one can be another daunting task in your compliance checklist, rather than being an enabler.  What if there was one resource that consolidated all the important…

The Complete Guide to Enterprise Risk Reporting

TL,DR: Enterprise risk reporting turns fragmented risk signals into measurable, board-ready decision support. It connects operational, security, compliance, vendor, and regulatory risks into one reporting process. The article explains frameworks, reporting workflows, automation, metrics, and leadership-level risk communication. Every business decision is fundamentally a bet on the future.  You’re betting that markets will hold steady,…

Information Security vs Cyber Security: Key Differences and Why They Matter

TL,DR: Information security safeguards data in any form (digital, physical, written) by ensuring confidentiality, integrity, and availability. Cybersecurity specifically targets protecting digital systems, networks, and data from threats like hacking or phishing Operationally, infosec relies on broader data management frameworks and governance policies, while cybersecurity employs technical measures such as firewalls, intrusion detection systems, and…

Sprinto: Your growth superpower

Use Sprinto to centralize security compliance management – so nothing
gets in the way of your moving up and winning big.