The RSI security website breaks down the methods in some detail, but the procedure in essence goes similar to this: The distinction between the differing types of SOC audits lies inside the scope and period from the evaluation: PCI DSS fines can differ from payment processor to payment processor, and https://www.nathanlabsadvisory.com/blog/nathan/cyber-security-consulting-solutions-by-nathan-labs-advisory-in-the-usa/