Compared with a lot of compliance laws, SOC compliance is typically not necessary to work in a given business like PCI DSS compliance is for processing payment card data. Generally, corporations need a SOC audit when their clients request 1. The PCI Security Criteria Council was made by these industry https://www.nathanlabsadvisory.com/blog/category/nathan/page/4/
