Most security operations centers (SOCs) today use security information and event management tools. When designing a SOC, security leaders must consider other factors too. These include business requirements, the skills of the analysts working in the SOC, the teams scope and responsibilities. The budget largely depends on the delivery model, such as on-premises or as a SaaS, it needs to be managed. The interaction with the computer security incident response team (CSIRT) process is also very important.”]
Source: https://securityintelligence.com/best-practices-for-designing-a-security-operations-center/