Contrary to many compliance laws, SOC compliance is typically not mandatory to work in a offered business like PCI DSS compliance is for processing payment card information. On the whole, providers require a SOC audit when their consumers ask for 1. The GDPR protects own information regardless of the technologies https://www.nathanlabsadvisory.com/blog/nathan/secure-federal-contracts-with-fisma-compliance/
