It difficulties recommendations on how to interpret core principles of the GDPR and can problem binding decisions addressed to the information safety authorities on dispute in concrete situations relating to cross-border processing. The distinction between the different types of SOC audits lies during the scope and period of your assessment: https://www.nathanlabsadvisory.com/cism-certified-information-security-manager.html
