If the application calls for your clients to enter their information on their particular units, Then you really qualify for SAQ A. The distinction between the differing types of SOC audits lies inside the scope and duration with the evaluation: The PCI SSC has outlined twelve necessities for dealing with https://www.nathanlabsadvisory.com/blog/nathan/understanding-the-sama-cybersecurity-framework-requirements-and-implementation/
