In its simplest form, a royalty audit is a financial inspection that determines whether a licensee (user of a patent/license/franchise) is paying the licensor (owner of the patent/license/franchise) the correct amount of royalty fees.
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
A request for proposal has just come out that is in your company’s wheelhouse, but instead of only requiring HIPAA, the proposal suggests that those who are HITRUST compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what that means? It […]
The International Organization for Standardization (ISO) is an independent, non-governmental organization made up of members from the national standards bodies of over 160 countries that set international standards related to products and services.
Our firm has been a HITRUST CSF assessor for nearly a year and we have numerous lessons learned. We have seen common pitfalls as well as identified what is needed to make HITRUST compliance achievable, even for a small company. This article will summarize what we have learned about HITRUST and the process for HITRUST […]
It is hard to read tech news today without coming across something regarding the cloud – and rightfully so. The cloud (or cloud computing) has become such an integral part of today’s technology world that it is hard to imagine where we would be without it. The ability to provision and promote to operations networks, […]
Many of our clients and prospects get asked for a “SOC report” without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and with a quick conversation, we […]
Each online business application has its own set of assets that need to be protected in order to maintain privacy of information and a positive reputation in the eyes of clients or consumers. In this post, we will discuss the principles of security and privacy, define terms used to complete risk assessments, […]
This article addresses the what, when, why, and who’s related to letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a., representation letter, rep. letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external […]
So you have built a Software-as-a-Service (SaaS) application on top of AWS or another infrastructure-as-a-service provider. It’s likely one of the reasons you did so was to leverage the AWS SOC 2 compliant infrastructure. Service organizations like AWS receive SOC 2 reports to demonstrate to stakeholders such as investors and clients that the AWS infrastructure […]
In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is with cryptojacking. While the impact to individuals and organizations is not maleficent like ransomware or theft or […]