Not like a lot of compliance laws, SOC compliance is usually not necessary to function in a very given sector like PCI DSS compliance is for processing payment card info. Generally, providers have to have a SOC audit when their customers request just one. SOC two is an auditing technique https://www.nathanlabsadvisory.com/mobile-app-development.html