Has one or more of your customers requested that you undergo a SOC 2 audit? If so, you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? The answers are not as straightforward as you may have hoped as no SOC 2 report is the same. […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
In performing SOC audits for Linford & CO, the clear majority of organizations do a great job providing reasonable assurance they are meeting all their controls. But I wanted to hit on a list of seven common mistakes that seem to pop up to hopefully help your organization identify them before they become
As the popularity of cloud computing has increased over the last decade, so has the maturity of standards used to govern these resources. This article will provide a definition of cloud computing and cloud computing audit, the objectives of cloud computing, the scope of a cloud computing audit and understanding cloud compliance, and audit steps […]
Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and there are also some that like to say “no”…for everything…all the time, but the good ones are there to help.
“What is HITRUST?” is typically the first question asked of Linford by organizations exploring HITRUST for the first time. Formerly, HITRUST stood for Health Information Trust Alliance but recently it rebranded to simply HITRUST to align with changes to the “framework” making it industry agnostic (more below). HITRUST is an organization and a security framework. […]
A FedRAMP Readiness Assessment is an opportunity for Cloud Service Providers (CSP) targeting government clients to demonstrate that they are ready to begin the FedRAMP process in earnest. With the end goal being a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB) or an ATO granted by a Federal Agency, CSPs, through the […]
Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is regarding Gap Letters— sometimes called Bridge Letters.
There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.
The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization.
According to ISACA’s State of Cyber Security 2019, 72% of organizations have a chief information security officer (CISO). Also, in that study, only 55% of organizations have an increasing security budget. For many small and mid-sized organizations, budgets are already tight, and hiring a full-time CISO may seem like a luxury. So how does an […]