It Troubles recommendations on how to interpret core concepts on the GDPR and might difficulty binding decisions addressed to the data security authorities on dispute in concrete instances relating to cross-border processing. The difference between the differing types of SOC audits lies within the scope and length on the assessment: https://www.nathanlabsadvisory.com/iso-27001-information-security.html