As part of PCI information security specifications, physical cardholder facts will have to also be saved in a very protected spot, for instance a locked place or storage region with restricted access. The distinction between the different types of SOC audits lies within the scope and period in the evaluation: https://www.nathanlabsadvisory.com/market-research-intelligence.html
