It's not performed by auditors; it is done via the databrackets staff to determine the gaps within just the method. This gives them pretty particular suggestions of controls they should design and style and put into action. Performing similar to a hacker, the advisor must see how secure the process https://www.nathanlabsadvisory.com/blog/nathan/fast-affordable-soc-2-certification-services-in-the-usa/