The RSI security blog breaks down the measures in a few depth, but the procedure in essence goes similar to this: Includes a new illustrative report that may be utilized when accomplishing and reporting on a SOC 2+ evaluation. The PCI SSC has outlined 12 needs for dealing with cardholder https://www.nathanlabsadvisory.com/blog/tag/data-protection-experts/
