IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

What Are Internal Controls? The 4 Main Types of Controls in Audits (with Examples)

Internal controls (which include manual, IT-dependent manual, IT general, and application controls) are essential process steps that allow one to determine or confirm whether certain requirements are being met according to a given expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating […]

The Definitive Guide to the HITRUST Certification Process

Preface: In October and December of 2021, the HITRUST Alliance released a series of press releases addressing upcoming changes which include the rollout of new assessment types. This article is updated and based on the latest information available as of January 2022 and will be revised as necessary to provide enhanced clarity. What is HITRUST […]

SOC 2 and the Control Environment: Understanding the Criteria

When contemplating or preparing for a SOC 2 examination, the initial effort is generally focused on implementing information technology (IT) controls and processes over infrastructure and software, which are core to the system being addressed by the SOC 2 examination. While this is a significant portion of the SOC 2, many organizations are surprised to […]

What is a Security Operations Center (SOC) & Why Should You Invest in One?

In our increasingly digital world, cybersecurity is critical to ensure the security, availability, and confidentiality of customer data. Recent events around the world, such as the ransomware attack that forced the shutdown of the nation’s biggest fuel pipeline in May 2021, should be sufficient cause for all businesses to place cybersecurity as their top priority. […]

New Trends in Cybersecurity: What to Watch for in 2022 & Beyond

As the year comes to an end, it’s important to reflect on the cyber events that captured headlines in 2021 and understand the root causes, impacts, responses, and more importantly, the lessons learned from those events. The following four cyber trends highlight areas that justify increased scrutiny and attention as we transition to the new […]

SOC 2 Software Tools: How They Affect the SOC Audit Process

Over the last several years there has been growth in the offering of SOC 2 software tools, also thought of as SOC 2 compliance monitoring tools (the two terms are used interchangeably throughout this article). These tools provide functionality and support designed to help a service organization attain SOC 2 compliance. […]

Types of Penetration Tests: A Look at Different Pentest Techniques & Tools

We have a few blogs written on penetration testing. These blogs include information on the steps or phases to properly conduct a penetration test, how penetration tests relate to satisfying SOC 2 requirements, information on how penetration testing compares to vulnerability assessments, and more. Feel free to check out these related blogs: External Penetration Testing […]

Change Management for Service Organizations: Process, Controls, Audits

What is Change Management? Change management is a standardized process by which all changes, including application code and infrastructure changes, are introduced into a production IT environment in a controlled and repeatable manner that ensures only authorized changes are being deployed. Example changes include bug fixes, new features, system upgrades, and patching. For service organizations, […]