As Element of PCI knowledge security specifications, Actual physical cardholder information will have to also be stored in the secure locale, such as a locked room or storage location with limited access. The difference between the different types of SOC audits lies within the scope and duration from the evaluation: https://www.nathanlabsadvisory.com/cism-certified-information-security-manager.html
