Although an SOC can be set up by the organisation itself as another internal and integrated component of its IT infrastructure, the vast majority of cases involve the introduction of an SOC through an external provider due to the organisation lacking the knowledge and expertise to properly implement an SOC themselves.