Privacy audits differ from privacy assessments in that they are evidence-based, meaning that they rely on objective and verifiable data to evaluate the compliance and effectiveness of the privacy program. Privacy assessments, on the other hand, are based on standards, meaning that they use a set of criteria or best practices to measure the performance and maturity of the privacy program. Privacy audits are usually conducted by external parties, while privacy assessments can be done internally or externally. References: CIPM Body of Knowledge, Domain III: Privacy Program Operational Life Cycle, Section A: Assess, Subsection 1: Privacy Assessments and Audits.