IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

Vulnerability management programs

Vulnerability Management Program: Insights From an Auditor

Vulnerabilities exist within all technology environments. NIST has developed several definitions for vulnerabilities, including a “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” As time passes, software vendors, threat actors, or security researchers, will inevitably find defects or vulnerabilities in the […]

Security & Privacy: You Can’t Have Privacy Without Security

Security & Privacy: You Can’t Have Privacy Without Security

In today’s world, great importance and attention are placed on personal privacy and, importantly, privacy over an individual’s personal information and data. The highly electronically connected world and easy availability of information on the internet and through information sharing between organizations raise the concern as to how individuals’ personal information and data are protected. There […]

SOC 2 Data Centers: Becoming compliant

How to Become a Compliant SOC 2 Data Center: Auditor Guidance

When determining a cloud hosting or colocation provider, customers want to have assurance that they are utilizing a safe, secure, and competent provider. As such, data center providers can undertake a number of IT audits or examinations in order to demonstrate to customers and prospects that they have controls in place to protect client data […]

What is HITRUST?

What is HITRUST? A Practical Guide to Certification

Our firm has been a HITRUST External Assessor Organization for several years and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the […]

SOC benefits and audit value

SOC Benefits: Beyond the Value of SOC Compliance for Audits

Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.