diff --git a/CHANGELOG.md b/CHANGELOG.md
index e9b1b7f1..a675cf87 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,11 @@ Extending the adopted spec, each change should have a link to its corresponding
 - The `python_interpreter_path` variable which can be altered to support execution in a Windows environment. [#265]
 - Support for importing existing projects. [#138]
+### Changed
+
+- When deleting a service account, deprivilege first to remove IAM binding [#341]
+- Fixed typo in `default_service_account` variable's default value from `depriviledge` to `deprivilege`. [#345]
+
 ## [6.0.0] - 2019-11-26
 6.0.0 is a backwards incompatible release. See the [upgrade guide](./docs/upgrading_to_project_factory_v6.0.md) for details.
@@ -112,7 +117,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 ### Fixed
-- Precoditions script handles projects with a large number of enabled APIs. [#220]
+- Preconditions script handles projects with a large number of enabled APIs. [#220]
 ## [2.3.0] - 2019-05-28
@@ -120,7 +125,7 @@ Extending the adopted spec, each change should have a link to its corresponding
 - Feature that toggles authoritative management of project services. [#213]
 - Option that provides ability to choose the region of the bucket [#207]
-- Added option to depriviledge or keep default compute service account. [#186]
+- Added option to deprivilege or keep default compute service account. [#186]
 ### Fixed
@@ -280,6 +285,8 @@ Extending the adopted spec, each change should have a link to its corresponding
 [0.2.1]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.2.0...v0.2.1
 [0.2.0]: https://github.com/terraform-google-modules/terraform-google-project-factory/compare/v0.1.0...v0.2.0
+[#345]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/345
+[#341]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/341
 [#313]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/313
 [#300]: https://github.com/terraform-google-modules/terraform-google-project-factory/issues/300
 [#309]: https://github.com/terraform-google-modules/terraform-google-project-factory/pull/309
diff --git a/README.md b/README.md
index e715f732..25a5caf1 100644
--- a/README.md
+++ b/README.md
@@ -122,7 +122,7 @@ determining that location is as follows: | bucket\_name | A name for a GCS bucket to create (in the bucket_project project), useful for Terraform state (optional) | string | `""` | no | | bucket\_project | A project to create a GCS bucket (bucket_name) in, useful for Terraform state (optional) | string | `""` | no | | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no | -| default\_service\_account | Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`. | string | `"disable"` | no | +| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | string | `"disable"` | no | | disable\_dependent\_services | Whether services that are enabled and which depend on this service should also be disabled when this service is destroyed. | bool | `"true"` | no | | disable\_services\_on\_destroy | Whether project services will be disabled when the resources are destroyed | string | `"true"` | no | | domain | The domain name (optional). | string | `""` | no | diff --git a/docs/TROUBLESHOOTING.md b/docs/TROUBLESHOOTING.md index d524fb4a..e21dbd6b 100644 --- a/docs/TROUBLESHOOTING.md +++ b/docs/TROUBLESHOOTING.md @@ -251,7 +251,7 @@ requires that the default compute service account be in place in the project. In order to deploy an App Engine Flex application into a project created by Project Factory, the default service account must not be disabled (as is the default behavior) or deleted. To prevent the default service account from being deleted, ensure that the `default_service_account` input -is set to either `depriviledge` or `keep`. +is set to either `deprivilege` or `keep`. - - - ### Seed project missing APIs 
diff --git a/examples/simple_project/README.md b/examples/simple_project/README.md
index 40427563..5e98f618 100644
--- a/examples/simple_project/README.md
+++ b/examples/simple_project/README.md
@@ -15,7 +15,7 @@ Expected variables:
 |------|-------------|:----:|:-----:|:-----:|
 | billing\_account | The ID of the billing account to associate this project with | string | n/a | yes |
 | credentials\_path | Path to a service account credentials file with rights to run the Project Factory. If this file is absent Terraform will fall back to Application Default Credentials. | string | `""` | no |
-| default\_service\_account | Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`. | string | n/a | yes |
+| default\_service\_account | Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`. | string | n/a | yes |
 | organization\_id | The organization id for the associated services | string | n/a | yes |
 ## Outputs
diff --git a/examples/simple_project/variables.tf b/examples/simple_project/variables.tf
index 9bfe288c..0e1a8789 100644
--- a/examples/simple_project/variables.tf
+++ b/examples/simple_project/variables.tf
@@ -28,6 +28,6 @@ variable "credentials_path" {
 }
 variable "default_service_account" {
- description = "Project default service account setting: can be one of `delete`, `depriviledge`, `disable`, or `keep`."
+ description = "Project default service account setting: can be one of `delete`, `deprivilege`, `disable`, or `keep`."
 }
diff --git a/modules/core_project_factory/main.tf b/modules/core_project_factory/main.tf
index 0ae87f05..5624b7a0 100644
--- a/modules/core_project_factory/main.tf
+++ b/modules/core_project_factory/main.tf
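Review bot: In examples/simple_project/variables.tf the `default_service_account` variable still accepts any string, so a caller that keeps passing the old spelling `depriviledge` gets no error after this change. The `count` expression visible in modules/core_project_factory/main.tf now compares against `deprivilege` only. If the example passes the value through to the module, the old spelling would presumably create no deprivilege resource and leave the default compute service account's role binding in place. The variable block shown here has only a description, so I would at least record the break there by appending `The former spelling depriviledge is no longer accepted.` to the description string. Where the targeted Terraform version supports variable `validation` blocks, rejecting values outside the four documented ones would turn this silent fallback into a plan-time error.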
@@ -209,10 +209,10 @@ EOD } /********************************************* - Default compute service account depriviledge + Default compute service account deprivilege ********************************************/ -resource "null_resource" "depriviledge_default_compute_service_account" { - count = var.default_service_account == "depriviledge" ? 1 : 0 +resource "null_resource" "deprivilege_default_compute_service_account" { + count = var.default_service_account == "deprivilege" ? 1 : 0 provisioner "local-exec" { command = <