Compared with a lot of compliance polices, SOC compliance is usually not obligatory to work inside of a provided business like PCI DSS compliance is for processing payment card data. In general, companies have to have a SOC audit when their clients ask for one. You will find different procedures https://www.nathanlabsadvisory.com/iso-27701-privacy-information-management-system-pims.html
