Compliance is defined in the dictionary as “the action or fact of complying with a wish or command.” That is a very simple definition for a complicated topic, especially when you consider all the demands and regulations companies are asked to be compliant with these days.
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, and FedRAMP assessments.
Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and is composed of standards and implementation specifications. Each Security Rule standard is a requirement: a covered entity must comply with all of the standards […]
Health care related organizations that wish to demonstrate their compliance with HIPAA and other regulations are choosing more and more to become HITRUST compliant or certified. We know…another information security framework…great! In the past, health care organizations have either signed business associate agreements or verbally committed to their partners that they were HIPAA compliant and […]
Today’s information environments are always changing, whether through the development of new capabilities, patching systems, responding to new threats and vulnerabilities, or fixing discrepancies within the system. Each change to the system carries with it an inherent security risk. Therefore, that security risk must be evaluated in the context of the security posture of the […]
In the context of performing a System and Organization Control (SOC) audit, questions arise as to what internal controls are and what types of internal controls exist. Auditors often take it for granted that everyone knows and agrees on the definitions of internal controls. We wish it were so. Let’s go over the most […]
The ten generally accepted privacy principles that are essential to the proper protection and management of personal information are:
The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization.
Mobile devices are everywhere: according to Pew Research, around 77% of all Americans own a smartphone, and more and more people are relying on mobile devices for both work and play. With the mass adoption of mobile devices, companies are becoming increasingly reliant on a mobile workforce because mobile devices offer the capability for companies […]
There are five trust services criteria that can be included in a SOC 2 report: security, availability, processing integrity, confidentiality, and privacy (see definitions from the AICPA below). Only one of the five criteria is required in the SOC 2 — security. The other four trust services criteria are optional, and we get many […]
The AICPA Assurance Services Executive Committee (ASEC) has released a new set of Trust Services Criteria (TSP Section 100) for SOC 2, SOC 3, and SOC for Cybersecurity engagements. The organizational structure and level of detail documented in the new criteria are fairly different, but the general concepts remain fairly similar. Slight Name Change: Trust […]