The RSI security weblog breaks down the steps in some detail, but the method in essence goes such as this: The distinction between the different sorts of SOC audits lies within the scope and period in the evaluation: These Questions and Answers are based on feedback gained from various stakeholders https://www.nathanlabsadvisory.com/cybersecurity-technical-writing.html
