Unlike many compliance regulations, SOC compliance is often not required to operate within a presented business like PCI DSS compliance is for processing payment card knowledge. On the whole, companies need a SOC audit when their buyers ask for a single. Formally attest your compliance. An AOC (attestation of compliance) https://www.nathanlabsadvisory.com/blog/nathan/key-components-of-a-successful-incident-response-strategy/
