As opposed to a lot of compliance rules, SOC compliance is often not necessary to work in the provided industry like PCI DSS compliance is for processing payment card info. In general, corporations need a SOC audit when their prospects request one. Share your views on EU legislation and policies, https://www.nathanlabsadvisory.com/blog/tag/information-security-policy/
