I am not sure if this is the right forum to ask this question.
We are a startup having customers in 4 different locations. Our customers are being served from cloud - hosted in 4 different data centers in different locations. We have a requirement of SOC-2 for the customers of a particular location e.g. customers of USA.
Is it possible to keep the scope of SOC-2 to US data centers? It is hard for us to prepare ourselves for all data center at this stage of the company.
We have confirmed this with our auditors that scope can be limited to one location.