It concerns rules on how to interpret core ideas with the GDPR and will concern binding conclusions dealt with to the info security authorities on dispute in concrete scenarios concerning cross-border processing. The distinction between the differing types of SOC audits lies in the scope and duration from the assessment: https://www.nathanlabsadvisory.com/soc-1.html
