Not like lots of compliance laws, SOC compliance is usually not required to work within a provided marketplace like PCI DSS compliance is for processing payment card data. Generally speaking, providers have to have a SOC audit when their consumers request one. PCI compliance is split into 4 stages, dependant https://www.nathanlabsadvisory.com/iso-27701-privacy-information-management-system-pims.html
