Contrary to a lot of compliance polices, SOC compliance is usually not necessary to operate within a provided business like PCI DSS compliance is for processing payment card details. In general, providers require a SOC audit when their buyers request one. Formally attest your compliance. An AOC (attestation of compliance) https://www.nathanlabsadvisory.com/fair-risk-assessment.html
