As observed, the PCI DSS standard recognizes that not all companies have the same risk variables or the same capability to roll out security infrastructure. The RSI Security weblog breaks down the measures in some detail, but the procedure in essence goes something like this: When selecting amongst SOC 2 Compliance together https://cybersecurityservicesinusa.blogspot.com/