As A Part of PCI knowledge security benchmarks, Bodily cardholder information will have to also be stored within a safe locale, for instance a locked place or storage area with restricted access. The difference between the different sorts of SOC audits lies inside the scope and length on the evaluation: https://www.nathanlabsadvisory.com/fisma.html