This isn't done by auditors; it is completed from the databrackets workforce to determine the gaps within the procedure. This gives them pretty particular suggestions of controls they have to structure and implement. There's two kinds of SOC two attestation studies. A kind I report assesses a corporation’s cybersecurity controls https://pcidsscompliancecertification.com/blog/why-pci-dss-compliance-certification-important-for-your-us-business/