When Your application involves your customers to enter their information on their own gadgets, Then you certainly qualify for SAQ A. The distinction between the different sorts of SOC audits lies during the scope and length of your evaluation: The PCI SSC has outlined 12 demands for dealing with cardholder https://www.nathanlabsadvisory.com/blog/tag/cyber-threats/