Are you interested in SOC services but unsure what will be asked of you if internal control deficiencies are found? We all know the scary words “qualification” or “misstatement,” but what about the less scary but still important term: deficiency? This is also known as a “finding” or “gap,” and a deficiency can also be an […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
This blog is being written to address a topic that has been around for a number of years in the SOX world, but is now becoming more relevant in the SOC world of testing. Why, you might ask, is it becoming more relevant in the SOC world? The reason is simple: because when an entity’s […]
Has one or more of your customers requested that you undergo a SOC 2 audit? If so, you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? Is there a SOC 2 compliance checklist I can use to prepare? The answers are not as straightforward as […]
Linford & Company specializes in helping service organizations go through their Service Organization Control (SOC) review the first time.
Do you ever wonder if the CPA firm your organization decides to use has the right type of experience when going through the engagement process? Well, one question you can ask is when the CPA firm last went through the AICPA peer review program. In this post, we will discuss what an AICPA peer […]
Amazon Web Services (AWS) is an ever-evolving cloud services platform that continues on its path to remaining the market leader in cloud infrastructure. If you use AWS services, you have an idea of what we’re talking about. However, are you sure you’re using all the AWS tools possible for SOC 2 compliance? Do you know […]
If you’re an information security professional, there’s a good chance you’ve already heard about the MITRE ATT&CK framework. If it’s something you haven’t heard of, or if you haven’t found the time to dive into its vast trove of information, it’s never too late to start! The following are some of the most common questions […]
When considering controls for an organization, it may not be known that there is more than one level or type of control. To manage their business operations, organizations will have entity-level, divisional, regulatory, transaction-level, and process-specific controls, to name a few. Of these controls, entity-level controls are considered to be a crucial part when: one […]
There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients… How much is this going to cost? Chances are, if you are reading this, then you have the same question. You may read or hear that the cost of a SOC 2 […]
This blog post is meant to provide details on patch management including the importance of a documented patch management process, how to implement the process successfully, and some common issues and roadblocks to avoid when doing so. What is a Patch & Why is Patch Management so Important? A patch is a piece of code […]