Having a plan in place to back up pertinent information, so that the business can keep running if that information becomes unavailable, is an important concept of business continuity. This blog will define corporate data backups and explain their importance, outline solution options, and describe best practices for defining a corporate data backup […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, and FedRAMP assessments.
Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization in order to opine on the suitability of the design and the operating effectiveness of those controls during the period under review. Each control objective or criterion has a […]
Chances are, if you are reading this, that you are considering obtaining a HITRUST Certification. This post will walk you through the HITRUST certification process. You will learn the major steps needed to prepare, be assessed, and obtain the certification. We will also highlight some of the pitfalls to avoid along the way. If you […]
As the popularity of cloud computing has increased over the last decade, so has the maturity of the standards used to govern these resources. This article will provide a definition of cloud computing and of a cloud computing audit, the objectives of cloud computing, the scope of a cloud computing audit, and the audit steps to expect. Cloud Computing Definitions […]
Have you ever heard of Edward Snowden? How about the semi-recent Waymo/Levandowski saga? These are both examples of insider attacks. While these are high profile examples, there are also hundreds, thousands, dare I say millions more out there that are not reported on in mainstream media. When talking to a lot of security professionals, a […]
We are frequently asked how long it takes to complete a SOC examination. Unfortunately, there is no single answer that fits every examination, because every service organization is different. But if an organization already has controls in place, a SOC examination typically takes one to three months for Type I reports and six to twelve months for Type II reports. If controls are not in place, the examination can take longer.
A recent settlement between the US Department of Health and Human Services’ Office of Civil Rights (OCR) and an orthopedic clinic highlights the importance of executing a HIPAA business associate agreement with appropriate third party services providers.
The Federal Information Security Management Act (FISMA) was originally enacted in December 2002 and established the importance of information security principles and practices within the Federal Government, noting that information security was "critical to the economic and national security interests of the United States."
This article is a follow-up to a previous article, "What is a SOC 1 Report?" Below I will cover some common questions that come up related to SOC 2 reports. SOC 2 compliance does not have to be difficult, although some of the terminology can initially be confusing. So what are SOC 2 […]
Every year as summer draws to a close, one of the topics that clients, business associates, and others most often reach out to our firm about is Gap Letters, sometimes called Bridge Letters.