Test That the auditor is independent from the vendor. Independence policies prohibit auditors from creating the controls they audit or having money interests in the business they’re analyzing. That’s a conflict of curiosity you ought to steer clear of. Rely on Services Requirements were created these that they can provide https://calvant.com/blog/iso-27001-vs-soc-2-comparison-differences-benefits