A SOC 2 Have to be done by a licensed CPA firm. If you end up picking to employ compliance automation software, it’s advised that you select an auditing agency that also provides this software Option for a more seamless audit. PCI compliance is split into four stages, according to https://www.nathanlabsadvisory.com/ce-marking-services-european-notified-body.html