As opposed to lots of compliance laws, SOC compliance is usually not required to function inside a given industry like PCI DSS compliance is for processing payment card data. Normally, companies need a SOC audit when their buyers request one. The difference between the different types of SOC audits lies https://www.nathanlabsadvisory.com/blog/nathan/understanding-the-sama-cybersecurity-framework-requirements-and-implementation/
