

# Glossary
<a name="assurance-assistant-glossary"></a>


| Term | Definition | 
| --- | --- | 
| DDQ | Due Diligence Questionnaire – a structured set of questions used in vendor assessments and security reviews to evaluate an organization's security and compliance posture. | 
| CAIQ | Consensus Assessments Initiative Questionnaire – a standardized due diligence questionnaire published by the Cloud Security Alliance (CSA). | 
| SIG | Standardized Information Gathering questionnaire – a widely used due diligence questionnaire format for assessing third-party vendors. | 
| SOC | System and Organization Controls – a set of audit report types (SOC 1, SOC 2, SOC 3) that evaluate service organizations' controls. | 
| ISO | International Organization for Standardization – a globally recognized body that publishes standards, including ISO 27001 for information security management. | 
| Citation | A reference to a specific statement in a verified AWS compliance document that supports an AI-generated response, allowing independent verification. | 
| IAM | AWS Identity and Access Management – the service used to manage permissions and access to AWS resources, including AWS Artifact features. | 
| Compliance inquiry | A record in Assurance Assistant that contains a submitted question or questionnaire and the AI-generated responses. | 