The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
A few years ago, during a SOC 2 audit for a mid-sized SaaS company, we noticed a gap: their patch management program looked solid on paper, but the execution was flawed. The client had a policy that mentioned monthly updates, a ticketing system for patch deployment, and even a patch management report that was presented […]
In performing SOC audits for Linford & CO, the clear majority of organizations do a great job providing reasonable assurance they are meeting all their controls. But I wanted to hit on a list of seven common mistakes that seem to pop up to hopefully help your organization identify them before they become
Many of our clients have built a Software-as-a-Service (SaaS) application on top of AWS and are leveraging AWS controls as part of their systems environment. One reason our clients do this is to leverage the AWS SOC 2-compliant infrastructure. Service organizations like AWS have their own SOC 2 report to provide assurance to stakeholders that […]
Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors.
With cyber threats evolving at an unprecedented rate, everyone must adopt robust security frameworks to protect sensitive information. One of the most widely recognized and implemented information security standards is ISO/IEC 27001:2022 (commonly referenced as “ISO 27001”). This internationally accepted standard provides a systematic approach to managing sensitive company and customer data, ensuring confidentiality, integrity, […]
For decades, personal computers have been the backbone of work, creativity, and communication. From the early desktops of the 1980s to the sleek ultrabooks and gaming rigs of today, PCs have played an essential role in modern life. However, we are now on the cusp of a major technological shift that will render traditional personal […]
AI agents are no longer a futuristic concept—they are actively reshaping business operations and revolutionizing auditing processes. Companies are leveraging these autonomous AI systems to automate workflows, enhance decision-making, and optimize security practices. But with rapid adoption comes significant challenges: compliance risks, ethical considerations, and security vulnerabilities that auditors must address. From customer service chatbots […]
In this article, we will cover some common questions that come up related to SOC 2 reports. SOC 2 does not have to be difficult although, with some of the terminology, it can initially be confusing. So what are SOC 2 reports? Let’s dive in! With today’s prevalence of cloud computing, information security and the […]
In today’s evolving technological landscape, businesses are increasingly turning to automation to enhance efficiency and reduce operational costs. Two prominent technologies in this domain are Robotic Process Automation (RPA) and Artificial Intelligence (AI). While both aim to streamline business processes, they differ significantly in their capabilities and applications. This article explores the distinctions between RPA […]
What is HITRUST Certification? Founded in 2007, HITRUST issues certifications to businesses and organizations that are independently assessed for compliance with its Common Security Framework (CSF). An organization can obtain HITRUST certification when all the required controls are fully implemented within the scoped environment. The HITRUST CSF is designed for use by a variety of […]
