Not Like several compliance polices, SOC compliance is usually not mandatory to function within a given sector like PCI DSS compliance is for processing payment card info. Generally speaking, companies need a SOC audit when their shoppers ask for just one. PCI compliance is divided into four degrees, based on https://www.nathanlabsadvisory.com/iso-27001-information-security.html