Tolerable rate of deviation―A rate of deviation in the operation of control procedures as designed in respect of which the assurance practitioner seeks to obtain an appropriate level of assurance that the rate of deviation set by the assurance …

User entity―An entity that uses a service organisation. …

In the case of a subservice organisation, the service auditor of a service organisation that uses the services of the subservice organisation is also a user …

User entity―an entity that uses a service organisation. …

For purposes of this ASAE, the following terms have the meanings attributed below: …

Carve‑out method―method of dealing with the services provided by a subservice organisation, whereby the service organisation’s description of its system includes the nature of the services provided by a subservice organisation, but that subservice …

Complementary user entity controls―controls that the service organisation assumes, in the design of its service, will be implemented by user entities, and which, if necessary to achieve control objectives stated in the service organisation’s description …

Control objective―the aim or purpose of a particular aspect of controls.  Control objectives relate to risks that controls seek to …

Controls at the service organisation―controls over the achievement of a control objective that is covered by the service auditor’s assurance report.  (Ref: Para.  A3 …

Controls at a subservice organisation―controls at a subservice organisation to provide reasonable assurance about the achievement of a control …