IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

Mobile device management

Mobile Device Management (MDM): Securing Your Mobile Workforce

Benefits and risks of a mobile workforce and strategies to help mitigate associated risks. Shopping for a mobile device management solution for your organization or simply considering bring your own device (BYOD)? Well, we all know the convenience and benefits regarding the use of mobile devices in an organization, some of which include: increased productivity […]

HIPAA risk assessment

HIPAA Risk Assessment: Security Compliance vs Risk Analysis – What is the Difference?

Throughout 2018 and 2019, the OCR has identified the failure to conduct and adequate risk assessment as a key finding in nearly half of their settlements. Making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third party reporting on their compliance with the HIPAA security rule. Generally these […]

Logging and monitoring

Logging and Monitoring – An Essential Part of Every Security Program

We live in a complex world with seemingly continual headlines of breaches, hacks, and other nefarious online activity. Security programs must be robust enough to address the continual threats bombarding organizations today. Security practitioners have a lot on their plate — identification and authentication, access control, encryption of data in transit and at rest, data […]

What is an integrated audit?

What is an Integrated Audit? Assessing Internal Controls

An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to asses this internal control structure.

What is the PCAOB?

What is the PCAOB? Auditing Standards & Inspection Reports

The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry.