IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

Performing SOC 1 and SOC 2 audit reports in accordance with International Standards (ISAE 3000 & 3402)

International Standards for SOC 1 & SOC 2: ISAE 3000 & ISAE 3402

The evolution of technology and its increased use has led businesses around the world to become more interconnected and interdependent of one another than ever before. Companies of all sizes can now easily reach and serve organizations around the globe, rather than just their region or country. As services provided by service organizations are increasingly […]

Importance of vulnerability scans for SOC 2 audits

Vulnerability Scanning: Importance of Vulnerability Scans in SOC 2 Audits

In light of prevalent and ongoing public data breaches, understanding where an organization’s vulnerabilities are is of great importance for prevention and security. Conducting vulnerability scans are a key component in helping prevent successful external adversary attacks. In this article, I will discuss briefly what vulnerability scans are, the common types, and how they help […]

what is data classification?

What is Data Classification? Data Classification Levels and Compliance

Data classification is the underlying focal point of many compliance standards and requirements. Identifying, categorizing, and maintaining data protection can help achieve compliance requirements, reduce legal risk, prioritize the implementation of security controls, and in turn effectively allocate resources. Knowing what data your organization collects, uses, stores, processes, and transmits and the level of security […]

How to choose an auditor

Choosing an Auditor: How Do I Find a Good, Better, Best Auditor?

The client/auditor relationship is unique and strange. Basically, your organization is paying someone to look at your highly confidential information (e.g. financials, systems, processes, and controls) to provide an opinion on that information. I’m sure you’re already aware, but the opinion is not meant for the client, but rather for the readers of the audit […]

Audit deficiency analysis

Audit Deficiency Analysis: What Questions Should You Expect?

Are you interested in SOC services but unsure what will be asked from you if internal control deficiencies are found? We all know the scary words qualification or misstatement, but what about the less scary but still important term: deficiency. This is also known as “finding” or “gap” and a deficiency can also be an […]

AICPA peer reviews & standards

AICPA Peer Reviews – Who Audits the Auditor?

Do you ever wonder if the CPA firm your organization decides to use has the right type of experience when going through the engagement process? Well, one question you can ask is the last time the CPA firm went through the AICPA peer review program. In this post, we will discuss what an AICPA peer […]