IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, and FedRAMP assessments.

What is HITRUST Certification & What is Required for Compliance?

Health care-related organizations that wish to demonstrate their compliance with HIPAA and other regulations are increasingly choosing to become HITRUST compliant or certified. We know…another information security framework…great! In the past, health care organizations have either signed business associate agreements or verbally committed to their partners that they were HIPAA compliant and […]

FedRAMP Continuous Monitoring – What Are the Responsibilities of CSPs and 3PAOs?

Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]

Types of Controls

In the context of performing a System and Organization Control (SOC) audit, questions arise as to what are internal controls and what are the types of internal controls. Auditors often take it for granted that everyone knows and agrees on the definitions of internal controls. We wish it were so. Let’s go over the most […]