Contrary to many compliance laws, SOC compliance is typically not mandatory to operate in a given business like PCI DSS compliance is for processing payment card information. On the whole, firms require a SOC audit when their clients ask for a person. The distinction between the different types of SOC https://www.nathanlabsadvisory.com/blog/nathan/understanding-soc-2-a-guide-to-compliance-and-reporting/