IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

Understanding audit assurance

A Guide to Audit Assurance: How Do Assurance, Attestation, and Auditing Fit Together?

In the world of accounting and audit services, assurance, attest, and audit play key roles. The question often arises: What is audit assurance? What is the difference between these three terms? How do they relate or complement each other? A definition check with Merriam-Webster provides the following: Assurance: the state of being assured: such as […]

benefits of hitrust certification

The Benefits of HITRUST Certification: Understanding HITRUST vs HIPAA

In previous blog articles, we have covered HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Additionally, we hear a lot of “How does a HITRUST certification differ from HIPAA compliance?” This blog will […]

The DOD CMMC: What you need to know

The DoD CMMC: What You Need to Know

On December 31, 2017, compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (Revised Oct 21, 2016), Safeguarding Covered Defense Information and Cyber Incident Reporting became mandatory for all contractors (and subcontractors). Since then, the Department of Defense (DoD) has been striving to improve the security within the defense industrial base, or DIB. […]

VPN encryption protocols

Guide to VPN Encryption Protocols: How Does Encryption Work?

In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your private data and your company’s data. Nonpublic data is valuable and if it can be sold […]

Understanding compliance automation tools

Understanding Compliance Automation Tools: Can You Automate SOC 2 Compliance?

The concept of continuous compliance monitoring has been around for many years. Continuous compliance monitoring can be stronger than traditional snapshot-in-time audits. Most traditional audits happen annually and auditors take the point in time evidence as well as evidence samples to gain assurance controls were in place over time. When auditors select samples, even the […]

Security awareness training

Security Awareness Training: Implementing End-User Information Security Awareness Training

Exposing employees to the security threats that exploit businesses, seemingly weekly these days, can help companies protect themselves against those threats. This blog will present the importance of security training, options, and resources, and the frequency that training should be provided. What is Security Awareness Training? Security awareness training is the process of providing information […]