IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

HIPAA Security Rule Requirements

HIPAA Security Rule Requirements & Implementation Specifications

Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and consists of standards and implementation specifications. Per HIPAA Security Safeguards: Each Security Rule standard is a requirement: a covered entity must comply with all […]

Deconstructing SSAE 18/SOC 1/SOC 2 (formerly SAS 70)

Deconstructing SSAE 18/SOC 1/SOC 2 (formerly known as SAS 70 / SSAE 16) Audit Reports

Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors. These reports come out once a year, typically in the late Fall. While most organizations do a good job of recognizing the need to request these reports, often they are not properly reviewed and evaluated when received. So, what do you do with the report once it has been received other than give it the internal and external auditors?

SOC report guide

SOC Audit Report Overview: The Definitive Guide

A SOC (System and Organization Controls) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.


Materiality in Auditing: How to Prepare For Your Audit

Determining materiality in an attestation audit can be challenging when the scope of the audit cannot be quantitatively measured. As stated in an AICPA Discussion Paper, “When providing assurance services, it’s important that practitioners understand what information will most significantly impact stakeholders’ decision-making process, which is central to a practitioner’s consideration of engagement materiality.” In […]

National Cybersecurity Awareness Month

October Is National Cybersecurity Awareness Month (NCSAM): How It Helps You

I think most people would agree that 2020 has seen several changes to normal. When we first consider this new normal, we remember the bad things – the coronavirus pandemic, face masks, closed businesses, and everyone’s favorite: quarantine. But there have been some good things to come about during this year of change. We have […]

Importance of endpoint security

What is Endpoint Security? Why is it Important?

“Why wash your hands?” “How to Protect yourself and others.” These are headlines that I recently ran across while browsing daily news updates. For months, we’ve been bombarded with advice and guidance on how to stay healthy during the COVID-19 pandemic. While the guidance may vary, the topic of handwashing and avoiding hand contact (i.e. […]

Understanding audit assurance

A Guide to Audit Assurance: How Do Assurance, Attestation, and Auditing Fit Together?

In the world of accounting and audit services, assurance, attest, and audit play key roles. The question often arises: What is audit assurance? What is the difference between these three terms? How do they relate or complement each other? A definition check with Merriam-Webster provides the following: Assurance: the state of being assured: such as […]

benefits of hitrust certification

The Benefits of HITRUST Certification: Understanding HITRUST vs HIPAA

In previous blog articles, we have covered HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Additionally, we hear a lot of “How does a HITRUST certification differ from HIPAA compliance?” This blog will […]