In case your application demands your prospects to enter their information on their particular equipment, Then you really qualify for SAQ A. The distinction between the differing types of SOC audits lies during the scope and length of your evaluation: Requirement 8 now goes past just demanding a unique ID https://www.nathanlabsadvisory.com/nerc-cip-compliance.html
