A SOC two attestation is based over the Believe in Services Requirements and it is furnished by a registered CPA company authorized by the AICPA. Normally, a SOC two report is valid for a year and the Firm is required to engage precisely the same or a different CPA firm https://www.nathanlabsadvisory.com/blog/nathan/achieve-pci-dss-compliance-in-the-usa-secure-your-business-today/