This blog post is meant to provide details on patch management including the importance of a documented patch management process, how to implement the process successfully, and some common issues and roadblocks to avoid when doing so. What is a Patch & Why is Patch Management so Important? A patch is a piece of code […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
The description of a service organization’s system in a SOC 2 report is required to be prepared and assessed utilizing the description criteria guidance put forward by the American Institute of Certified Public Accountants (AICPA). The description criteria will be discussed in this blog to provide guidance on the factors to consider when describing a […]
The task of internal audit planning can be overwhelming and involve many individuals. Sometimes it is difficult to even know where to begin. In this article we will break down a few of the common questions when it comes to an internal audit, elaborate on the key steps to the internal audit planning phase, and […]
Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Questions are frequently being asked of organizations that provide products or services regarding the processes and controls included in their supply chain activities (the activities involved to transform a raw material or natural resource into a finished good). If your company has experienced this, you are not alone. The need for organizations to understand supply […]
How bad is a qualified report? This question comes up almost every time a qualified report is issued to a service organization.
“What are the responsibilities of management and the auditor in relation to internal control?” is a question we often hear from our clients and potential clients. We’ve talked a lot about what the auditor’s responsibilities are in an audit, but what about company management’s responsibilities in an audit? If you sign up for a SOC […]
Type 2 SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]
It is a misconception that the job of an auditor can be summed up as examining financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements.
Healthcare is a complicated topic. When the term is raised, the altruists among us focus on helping their fellow man. But like any endeavor managed by people, there is a business aspect to it. The business of healthcare faces the same problems as other types of businesses. It must operate efficiently, securely, and offer something […]