Fact is that customers have a legitimate need to reserve a right to audit the cloud service provider’s compliance measures. But, it is also a fact that the service provider may not let customers into its data centers or systems because that would impair the security of other customers’ data. Also, individual audits would be unnecessarily disruptive and costly. As a compromise, cloud service providers can arrange for routine, comprehensive audits of their systems by a generally accepted audit firm and make the results available to all customers. If customers demand additional topics on the audit list, providers may want to expand the scope of the next scheduled audit (usually at the customers’ cost) provided the additional controls are reasonable.