Type 2 SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
It is a misconception that the job of an auditor can be summed up to individuals that examine financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements
Healthcare is a complicated topic. When the term is raised, the altruists among us focus on helping their fellow man. But like any endeavor managed by people, there is a business aspect to it. The business of healthcare faces the same problems as other types of businesses. It must operate efficiently, securely, and offer something […]
This article was originally published on 11/22/2017, and was updated on 12/29/2020. We frequently are asked by our clients and prospective clients, “What are SOC 1 reports and when they should be considered?” Our response is usually a question, “How does your service impact the financials of your clients?” In some cases, the prospective client […]
There’s nothing like another significant security breach to once again remind us all that, whether we like it or not, security has to remain top of mind and a priority for businesses, organizations, and individuals alike. News of the U.S. Treasury and Commerce Depts. hack, also referred to as the active exploitation of SolarWinds software, […]
When presented with the task of an audit being performed, the questions that the auditor and auditee have are: What is the objective of the audit? What is to be achieved? What is the need of the users of the output of the audit? Identifying Suitable Criteria Every audit is an evaluation of subject […]
The Oxford dictionary defines an assertion as “a confident and forceful statement of fact or belief.” Making an assertion is often used synonymously with stating an opinion or making a claim. While assertions are made in all aspects of life, most people think of a company’s financial statements or the financial statements audit when they think of assertions in an accounting or business setting.
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
If you are being asked to obtain a System and Organization Controls (SOC) report by your existing user entity or a potential user entity, you may question whether you should obtain a SOC 1, SOC 2, or SOC 3 report. You may also wonder whether it should be a Type 1 or a Type 2 […]
Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and consists of standards and implementation specifications. Per HIPAA Security Safeguards: Each Security Rule standard is a requirement: a covered entity must comply with all […]