As someone who had to cobble together a soc2 program - this is mostly true. At a large enough firm, soc2 is useful as a base level of operations integrity which lots of small firms lack.

If you have not reached that level as a firm, a good and recent pen test does the trick.