An audit that assesses a service provider’s internal controls over a period of at least six months and conforms to the Statement on Auditing Standard 70 (SAS 70.) A SAS 70 Type II audit is recognized by the Securities and Exchange Commission (SEC) as an acceptable way of obtaining an auditor’s opinion for Sarbanes-Oxley (SOX) Section 404. Furthermore, companies that use service providers such as staffing suppliers or MSPs may request that their service provider conduct a SAS 70 Type II audit of its controls as part of a SOX-compliance effort.