Glossary
| Term | Definition |
|---|---|
| DDQ | Due Diligence Questionnaire – a structured set of questions used in vendor assessments and security reviews to evaluate an organization's security and compliance posture. |
| CAIQ | Consensus Assessments Initiative Questionnaire – a standardized due diligence questionnaire published by the Cloud Security Alliance (CSA). |
| SIG | Standardized Information Gathering questionnaire – a widely used due diligence questionnaire format for assessing third-party vendors. |
| SOC | System and Organization Controls – a set of audit report types (SOC 1, SOC 2, SOC 3) that evaluate service organizations' controls. |
| ISO | International Organization for Standardization – a globally recognized body that publishes standards, including ISO 27001 for information security management. |
| Citation | A reference to a specific statement in a verified AWS compliance document that supports an AI-generated response, allowing independent verification. |
| IAM | AWS Identity and Access Management – the service used to manage permissions and access to AWS resources, including AWS Artifact features. |
| Compliance inquiry | A record in Assurance Assistant that contains a submitted question or questionnaire and the AI-generated responses. |