The RSI Security website breaks down the measures in certain element, but the method in essence goes like this: The difference between the different types of SOC audits lies inside the scope and period of the assessment: The security posture of the Firm is assessed dependant on SOC two requirements, https://www.nathanlabsadvisory.com/cis-center-internet-security.html