The AICPA Assurance Services Executive Committee (ASEC) has released a new set of Trust Services Criteria (TSP Section 100) for SOC 2, SOC 3, and SOC for Cybersecurity engagements. The organizational structure and level of detail documented in the new criteria are fairly different, but the general concepts remain fairly similar. Slight Name Change: Trust […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, royalty audits, and FedRAMP assessments.
Since November 2013 with the release of its initial rule on safeguarding covered defense information and cyber incident reporting, the Department of Defense (DOD) has been working to impose additional requirements on defense contractors that process, store, or transmit what is identified as covered defense information. The Defense Federal Acquisition Regulation Supplement (DFARS) clause 225.204-7012 […]
One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.
Risk management is a basic component of everything we do. Subconsciously, we assess and manage risk with each decision we make—from getting up in the morning to going back to sleep. So, in a way, most of us are already seasoned risk managers. Yet many find organizational risk management to be an overwhelming task. Managing […]
More and more companies are popping up that require their consumers to insert sensitive information into a cloud for safekeeping, but is the cloud actually safe? This article will address that question and provide consumers some insight into steps they can take and what to look for to help ensure that their information is […]
In May 2018, the European Union will begin enforcing the General Data Protection Regulation or GDPR. If you have not heard of this before, consider this an introduction, because as we get closer to May 2018, there will be more and more discussions about data privacy and protection and what GDPR compliance is and how […]
The AICPA has recently developed a cybersecurity risk management reporting framework that is being added to the suite of System and Organization Controls (SOC) report offerings. This framework will assist organizations in communicating relevant and useful information about their cybersecurity risk management program. Companies need to be able to evidence that they can manage cybersecurity […]
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC that oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and WorldCom, to tighten controls on the auditing industry.
Passwords have always been a hot topic of discussion both in and out of security circles. Users have always hated being forced to come up with schemes to meet the complexity rules or to change their password at defined intervals. The multitude of password requirements of the past has frustrated users and has led to bad […]
Recently, a client asked if we could provide them with some insight into the similarities, differences, advantages, and disadvantages of getting a SOC 2 Security report versus an ISO 27001 certification.