It Concerns recommendations on how to interpret core principles of your GDPR and will problem binding conclusions dealt with to the information defense authorities on dispute in concrete circumstances regarding cross-border processing. The difference between the different sorts of SOC audits lies within the scope and length on the assessment: https://www.nathanlabsadvisory.com/blog/nathan/key-components-of-a-successful-incident-response-strategy/