The data controller determines the purposes for which as well as the usually means by which own data is processed. The difference between the different sorts of SOC audits lies while in the scope and duration from the assessment: PCI DSS fines can vary from payment processor to payment processor, https://www.nathanlabsadvisory.com/blog/nathan/emerging-cybersecurity-threats-in-2023-what-you-need-to-know/