The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
The auditors are coming! Let’s face it, many organizations dread audit time–but it doesn’t have to be that way. Whether you’re facing your very first audit or preparing for the next recurring one, being audit-ready will save you time and effort, alleviate stress, and facilitate a smooth and successful audit process. As humans, we naturally [...]
In the rapidly evolving landscape of technology services, companies are entrusted with handling sensitive client data. To ensure the security, availability, and integrity of this data, many executives consider undergoing a System and Organization Controls (SOC) audit. However, misconceptions surrounding SOC audits often cloud the decision-making process. So, what exactly is a SOC audit? In [...]
As security breaches (such as these HIPAA security breaches) become more common and costly, it is important to understand ways to prevent breaches. Recently, we came across a scenario where a company was not using a vulnerability scanner to scan their development environment for secret credentials, thus making the secret credentials not so secret. The [...]
Over the past several years, the concept of Zero Trust has transitioned from an industry buzzword to a pillar of information security. In this blog post, we will break down what zero trust means in the industry, what the pillars of zero trust are, and how zero trust concepts impact auditing activities and other factors [...]
When discussing the SOC audit process with clients, one of the first questions we are often asked is what the scope of a SOC 2 audit is. The answer is almost always, “It depends.” This answer can often be a point of frustration for many, as there is no quick answer. This is due to [...]
As I pondered about what blog content may be interesting and useful to our current and prospective clients, I kept coming back to one interesting client discussion I recently had. I was working with a first-year SOC 2 readiness client, and they were asking for insights and my perspectives on best practices for conducting an [...]
It’s 2:00 AM on a Friday and your phone begins to ring. On the other end is the desperate voice of your IT Security manager trying to communicate that your company has just been hacked and that it looks like customer data may have been stolen. “How can this have happened?” you exclaim. “Didn’t we [...]
In the ever-evolving realm of business, where external vendors and third-party collaborations are pivotal for enhancing efficiency and innovation, the significance of effective vendor and third-party risk management has never been more pronounced. Additionally, it has become the norm for companies to rely on third parties to provide critical operational functionality for a business. As [...]
If you have recently completed a Type I SOC report, congratulations! It is no small task to prepare and complete a SOC examination. However, for most companies, a Type I SOC report is just a step in the process of eventually completing a Type II SOC report, as that is what most user entities expect [...]
"*" indicates required fields
