As Opposed to lots of compliance rules, SOC compliance is usually not required to operate in the given field like PCI DSS compliance is for processing payment card knowledge. Generally, firms need a SOC audit when their clients ask for one. Handling the entry of credit card data from clients; https://www.nathanlabsadvisory.com/fair-risk-assessment.html