Just as in physical storage, cloud service providers are used to store sensitive data. This can be anything from credit card information to personal information such as social security numbers. There are three key cloud services: Software as a Service (SaaS), Platform as a Service (PaaS), and Infrastructure as a Service (IaaS). The storage of sensitive data will inevitably lead a cloud service provider to need a specific audit performed by a third-party entity, such as A-LIGN, due to legal, regulatory and/or contractual obligations. It is important for cloud service providers to understand its obligations first when selecting an audit.