It's not carried out by auditors; it is done with the databrackets crew to find out the gaps inside the procedure. This provides them pretty precise recommendations of controls they should layout and employ. ISO 27001, which has considerable overlap With all the SOC 2 requirements, is popular internationally and https://bestcybersecurityconsulting.com/blog/how-the-aramco-cyber-security-certificate-can-elevate-your-career-in-saudi-arabia/
