What is an Internal Audit? The Institute of Internal Auditors (IIA) defines internal audit as the “independent, objective assurance, and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, HITRUST and FedRAMP assessments.
Avoiding HITRUST Readiness Assessment Pitfalls
Healthcare is a complicated topic. When the term is raised, the altruists among us focus on helping their fellow man. But like any endeavor managed by people, there is a business aspect to it. The business of healthcare faces the same problems as other types of businesses. It must operate efficiently, securely, and offer something […]
IT Audits 101: Professional Guidance From an IT Auditor
In the ever-evolving landscape of technology, organizations rely heavily on their information systems and digital infrastructure to operate efficiently and securely. However, with technological advancements come new risks and vulnerabilities. To determine the integrity, availability, and confidentiality of data, organizations turn to Information Technology (IT) audits—a systematic evaluation of their IT systems and controls. In […]
What are the Benefits of Using VPN Encryption?
In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your sensitive private data such as your personally identifiable information (PII) and your electronic protected health information […]
Assess, Remediate, & Prevent Audit Deficiencies – The Internal Control Deficiency Lifecycle
Are you interested in SOC services but unsure what will be asked from you if internal control deficiencies are found? We all know the scary words “qualification” or “misstatement”, but what about the less scary but still important term: deficiency? This is also known as a “finding” or “gap” and a deficiency can also be […]
SOC Report Benefits Beyond Compliance: The Value of SOC Reporting
Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
SOC for Supply Chain: Professional Guidance for Supply Chain Audits
Software supply chain attacks increased by 650% during 2021. In addition, Gartner® predicts that by 2025 “45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.” The need for users to understand supply chain processes and the controls that exist to minimize risks around supply chain activities […]
A SOC 2 Compliance Checklist Doesn’t Exist, But Guidance Does
Has one or more of your customers requested that you undergo a SOC 2 audit? If so, you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? Is there a SOC 2 compliance checklist I can use to prepare? The answers are not as straightforward as […]
What is a SOC 1 Report? Expert Advice for Audit Compliance
We frequently are asked by our clients and prospective clients, “What are SOC 1 reports and when they should be considered?” Our response is usually a question, “Can your service impact the financial statements of your clients?” In some cases, the prospective client has an immediate answer and describes the financially relevant process. In other […]
SOC 1 vs. SOC 2 – How They Are Different & Which Report You Need
Many of our clients and prospects get asked for a “SOC report” from their clients or customers without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and […]