As Opposed to a lot of compliance regulations, SOC compliance is usually not mandatory to work inside a offered industry like PCI DSS compliance is for processing payment card data. Generally, organizations need a SOC audit when their clients ask for just one. SOC two is really a security framework https://www.nathanlabsadvisory.com/blog/tag/digital-assets-protection/