In contrast to lots of compliance regulations, SOC compliance is often not necessary to work within a specified business like PCI DSS compliance is for processing payment card knowledge. Normally, providers have to have a SOC audit when their customers ask for 1. SOC two is really an auditing process https://www.nathanlabsadvisory.com/blog/tag/security-testing/