When Merchants signal a deal which has a payment processor, they agree to be subject to fines should they fail to keep up PCI DSS compliance. The difference between the differing types of SOC audits lies during the scope and period of the evaluation: He is also the creator of https://www.nathanlabsadvisory.com/nist-800-171.html