In principle, the ISAE 3402 statement focuses on the processes underlying the financial statements, as it is mainly used by accountants. Therefore, ensure that you have a scope that is sufficiently extensive for the users.
Organizations increasingly outsource processes or data to service providers. Processes that have no relation to financial processes are relevant for SOC 2 reporting. A SOC 2 report is an internal control report that focuses on controls at a service provider relevant to Security, Availability, Processing Integrity, and privacy. A SOC 2 report ensures that a service organization keeps data private and secure while processing, and that data is accessible at any time.