SOC 1 Type 2 reports are designed to audit the operational effectiveness of controls managed by a service provider over a specific period. But for on-premise or 3rd-party installations: 

Customer Control: The customer, not Broadcom, is responsible for installing, managing, and maintaining the system. Broadcom does not manage the servers, physical security, or data for on-premise instances.

Audit Scope: Because the data does not reside on Broadcom’s infrastructure, a financial auditor cannot rely on Broadcom’s SOC 1 report to validate the integrity of the customer's specific instance.

Exclusivity: Broadcom explicitly states that SOC 1 and SOC 2 reports are exclusive to their cloud services (SaaS) and are not applicable to on-premise or partner-hosted deployments.

Broadcom does not host the production PAM software used by customers (neither single or multi-tenant SaaS ). PAM is exclusively deployed by the customer on its own or 3rd party infrastructure so Broadcom has no obligation to provide a SOC 1 Type 2 report for an on-premise deployment of PAM