The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
Having the right controls in place is critical for an organization to protect its systems and safeguard its clients’ data. Identifying, designing, and implementing an appropriate set of controls is quite an accomplishment for most young companies. If you have implemented controls within your organization to maintain security, the next question to ask is: How [...]
Is your organization growing and are your clients asking if you have specific certifications? You are not alone. Many small businesses or start-ups with incredible products or services have found themselves in the same situation. The SOC 2 compliance status of a cloud service provider or Software-as-a-Service (SaaS) company is an important factor when choosing [...]
A request for proposal has just come out that is in your company’s wheelhouse but instead of only requiring HIPAA and SOC 2, the proposal suggests that those who are HITRUST® compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what [...]
With an ever-changing landscape of security threats and available tools and resources, it is important for organizations to periodically evaluate their security maturity and seek to make improvements to maintain a well-balanced security posture. Throughout this blog, we will explore the concept of the capability maturity model with a focus on security maturity in an [...]
An audit is intended to build trust, decrease risk and encourage efficiency in business practices. While these traits are important for all businesses, they are critical for entities within the healthcare industry. No company is immune to risk, but those in the healthcare industry have a higher inherent risk based on the types of data [...]
The cloud computing on-demand model of compute power, database, storage, applications, and other IT resources accomplishes a variety of tasks. It reduces barriers, creates flexibility, and increases speed to market. The benefits of the cloud mean that organizations must seriously consider the cloud to perform business. Whether your organization is new to the cloud or [...]
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what a SOC 3 report is, [...]
What is operational risk management? And why is operational risk important? Simply defined, operational risk management is a continual process performed to identify and manage the risks inherent to running a business. Risk is fundamental to operating a business, and all businesses have to manage risk of all types, ranging from financial to operational to [...]
Following months of hard work, you and your External HITRUST® Assessor finally “complete” the assessment and the assessment dashboard now displays 100% of requirements under the “External Assessor Review Complete” status – now what? For most Assessed Entities, that phase is followed by formulating CAPs for requirement statements as part of a control reference required [...]
Data has become a valuable resource for organizations across the world, and large amounts of data are being collected every day. At the same time, there has been an increase in or emphasis on the laws and regulations aimed at providing safeguards for data collected. A tool that can be used to help manage data [...]
"*" indicates required fields
