ISO27K
ISO27K is sort of like conducting gap analysis. The intention is to check what you don’t have and how can you improve it.
SOC2
The purpose of SOC2 is to evaluate your existing product if there are effective.
CIS Controls
CIS controls basically focus on your system, infrastructure and data only. It’s conducted within the organization without involving third-party auditor