An organization preparing for a regulatory compliance audit wants to ensure its cloud provider meets security requirements. To verify compliance, the organization reviews the cloud provider’s SOC 2 report and service-level agreements (SLAs). What type of audit is the organization MOST LIKELY conducting?