Unlike lots of compliance rules, SOC compliance is often not required to operate in the specified industry like PCI DSS compliance is for processing payment card info. In general, firms need a SOC audit when their prospects ask for 1. Managing the entry of charge card info from shoppers; specifically, https://www.nathanlabsadvisory.com/cmmc.html
