Not like lots of compliance rules, SOC compliance is often not required to work in the provided market like PCI DSS compliance is for processing payment card details. In general, providers need a SOC audit when their clients ask for 1. The difference between the different sorts of SOC audits https://www.nathanlabsadvisory.com/iso-27001-information-security.html
