As opposed to quite a few compliance polices, SOC compliance is usually not required to operate in the specified industry like PCI DSS compliance is for processing payment card data. Normally, firms require a SOC audit when their clients ask for just one. SOC two is definitely an auditing technique https://www.nathanlabsadvisory.com/blog/tag/information-security-policy/
