A SOC (Security Operations Center) is a centralised team — often with its own facility — that monitors, analyses, and responds to security events around the clock. The SOC leverages SIEM systems, threat-intelligence feeds, and incident-response playbooks. Analysts assess incoming alerts, escalate confirmed incidents, and coordinate the response. You can run a SOC in-house or engage a managed security service provider (MSSP). In an ISMS the SOC is the operational hub for security monitoring per ISO 27001 Annex A 8.15-8.16.