The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
I once attended a training where the class was broken out into small groups, and each group was tasked with assembling an elaborate box of blocks and accessories in a precise order to create a motorcycle. However, for this exercise, the instructions were removed from the box and the moderator did not provide any guidance [...]
Gartner analysts said that more than 85% of organizations will embrace a cloud-first principle by 2025 and will not be able to fully execute their digital strategies without the use of cloud-native architectures and technologies. With this ever-increasing move to a cloud environment, do you know what complementary subservice organization controls are, how to distinguish [...]
As companies grow and become subject to increasing regulatory scrutiny, one of the most valuable intangible assets that executives can foster is a culture of compliance. This blog post will describe the importance of a culture of compliance and how to create it. What is a Culture of Compliance? Culture is defined as “the set [...]
Having the right controls in place is critical for an organization to protect its systems and safeguard its clients’ data. Identifying, designing, and implementing an appropriate set of controls is quite an accomplishment for most young companies. If you have implemented controls within your organization to maintain security, the next question to ask is: How [...]
Is your organization growing and are your clients asking if you have specific certifications? You are not alone. Many small businesses or start-ups with incredible products or services have found themselves in the same situation. The SOC 2 compliance status of a cloud service provider or Software-as-a-Service (SaaS) company is an important factor when choosing [...]
A request for proposal has just come out that is in your company’s wheelhouse but instead of only requiring HIPAA and SOC 2, the proposal suggests that those who are HITRUST® compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what [...]
With an ever-changing landscape of security threats and available tools and resources, it is important for organizations to periodically evaluate their security maturity and seek to make improvements to maintain a well-balanced security posture. Throughout this blog, we will explore the concept of the capability maturity model with a focus on security maturity in an [...]
An audit is intended to build trust, decrease risk and encourage efficiency in business practices. While these traits are important for all businesses, they are critical for entities within the healthcare industry. No company is immune to risk, but those in the healthcare industry have a higher inherent risk based on the types of data [...]
The cloud computing on-demand model of compute power, database, storage, applications, and other IT resources accomplishes a variety of tasks. It reduces barriers, creates flexibility, and increases speed to market. The benefits of the cloud mean that organizations must seriously consider the cloud to perform business. Whether your organization is new to the cloud or [...]