Within this blog post, we will discuss the importance of knowing how to read an information security standard ISO certificate received from an ISO-certified entity. The knowledge gained from this blog will assist readers in determining that the certificates they obtain are valid. Receipt of a valid ISO certification certificate from a vendor or subservice […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
Access Control Management – Guidance for Audit Compliance
One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]
AI & Security: How Will It Affect Your Organization?
In today’s ever-changing digital landscape, cybersecurity is of utmost importance. As technology progresses, so does the creativity of cybercriminals. With programs like ChatGPT, people are beginning to wonder what role AI plays in cybersecurity, the threat AI poses to their IT infrastructure, and how they can stay ahead of the risk. Shall We Play A […]
What is Data Classification? Levels, Compliance, & Standards to Follow
Data classification is the underlying focal point of many compliance standards and requirements. Identifying, categorizing, and maintaining data protection can help achieve compliance requirements, reduce legal risk, prioritize the implementation of security controls, and in turn effectively allocate resources. What Is Data Classification & Why Is it Important? Knowing what data your organization collects, uses, […]
Business Continuity Planning: Why It’s Essential for Sustainable Success
In today’s fast-paced business environment, organizations face numerous risks and uncertainties that can disrupt their normal operations. What do you do and how do you respond when a disaster hits that causes a disruption or outage of your services? From natural disasters to cyberattacks, these unforeseen events can have devastating consequences on business operations and […]
What is a SOC 2 Report? Who Needs a SOC 2 Audit?
With the proliferation of data breaches and hacks that occur today, it’s no wonder there is a greater focus on information security. SOC 2 reports are general use reports that provide assurance to user organizations and stakeholders that a particular service is being provided securely. A SOC 2 can also include criteria related to Availability, […]
What is SOC 2? An Expert’s Guide to Compliance & Certification
Today, information security is of greater concern and importance than ever before, and that’s saying a lot! Every day there are new data breaches reported costing companies billions of dollars in combined losses. IBM recently published the 2023 Cost of a Breach article and notes the cost of a breach to be an average of […]
Understanding Audit Procedures: A Guide to Audit Methods & Test of Controls
Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]
How to Maintain Your HITRUST Certification: Professional Guidance
After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]
What Do Auditors Do? Understanding an Auditor’s Responsibilities
It is a misconception that the job of an auditor can be summed up to individuals that examine financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements