The RSI Security web site breaks down the actions in some detail, but the method in essence goes such as this: Features a new illustrative report that may be applied when performing and reporting on the SOC two+ examination. For those who combine with Stripe working with additional methods listed https://www.nathanlabsadvisory.com/blog/tag/vulnerability-assessment/