A Security Operations Centre (SOC) is a centralised unit—either in-house or outsourced—staffed by security analysts who monitor, detect, investigate and respond to cyber threats around the clock. The SOC leverages tools such as SIEM platforms, endpoint detection and response systems, and threat intelligence feeds to maintain continuous visibility over the organisation's security posture.
For many organisations, a SOC is essential for meeting the monitoring and incident response requirements of frameworks like ISO 27001 and SOC 2. Whether operated internally or provided as a managed service, the SOC must have clearly defined playbooks, escalation procedures and performance metrics to ensure that threats are identified and contained before they cause significant damage.