IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

How Much Does A SOC Audit Cost?

There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients—How much does a SOC audit cost? Chances are, if you are reading this, that you have the same question. There are three components that make up the total cost to get a […]

Confidentiality Trust Services Criteria in a SOC 2

The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that are options to be included in a SOC 2 audit are the following: Security (also known as common criteria). Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could […]

A Summarized Guide to HIPAA Compliance Audits

If you hold protected health information for your clients, either in electronic (ePHI) or hard copy form (PHI), you must comply with the Health Insurance Portability and Accountability Act (HIPAA). In some cases, a client may have asked that you sign a business associate agreement or BAA. When signing a BAA, you commit to follow […]

Information Security Policies: Why They Are Important To Your Organization

In a previous blog post, I outlined how security procedures fit in your overall information security documentation library and how they provide the “how” when it comes to the consistent implementation of security controls in an organization. This blog post takes you back to the foundation of an organization’s security program – information security policies […]

Availability Trust Services Criteria in a SOC 2 Audit

The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that can be included in a SOC 2 audit are the following: Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy […]