As a non-issuer (meaning we don't sell stock in our company), we aren't as rigidly restricted by the provisions of SOX (ex., we don't have to submit 10-K /10-Qs) but because it so profoundly affects the accounting industry in the US many of our business partners and stakeholders expect us to have fluency in SOX. We maintain many of the standards required by SOX voluntarily, as they're just good standards (ex. independence of audit committee), while others are imposed on us by standards upheld by our external auditors (ex. rotation of audit partners, no non-attest services provided by attestation firm, etc)--not that we object.
At this point, SOX has been around for two decades and it's just part of the framework that informs all of accounting.
On the other hand, if you're part of a publicly traded company, your entire job could revolve around SOX compliance, much like mine does. My role involves close collaboration with both internal and external auditors to ensure our company adheres to all external regulations. We strive to maintain effective internal controls, allowing external investors to make informed decisions based on our financial statements.