- Type 1 & Type 2, type1 is less controls, easier to get, but type 2 is what most enterprise deals demands
- Type 2 Components,
- Privacy
- Security
- Confidentiality
- Process Integrity
- Availability
- Audit involves a monitoring phase followed by a pen-testing phase
- Vanta (https://www.vanta.com/)
- ~$15000 for the audit guys