IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. The specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

The number of cybersecurity incidents continues to rise. This upsurge in frequency and complexity has also resulted in an increase in costs. According to IBM’s 2022 Cost of a Data Breach Report, the average total cost of a data breach is USD 4.35 million, and 83% of organizations studied have had more than one data breach, [...]

In September 2020, the AICPA issued a new Statement on Standards for Attestation Engagements (SSAE) labeled as SSAE No. 21, Direct Examination Engagements. You might ask, “Why do we care about it now?” We care about it now because it is effective for all practitioners’ reports dated on or after June 15, 2022. A date [...]

For many people, the words "internal audit" conjure a sense of fear and anticipation of high cost. Even under the best circumstances, having someone review your activities can be intimidating, but internal audit provides an unbiased, independent review of data and business processes. [...]

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 internal control framework includes five COSO components and 17 COSO principles and is part of the common criteria included in a SOC 2 assessment. The five COSO components include the following: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. For [...]

Robotic process automation (RPA) automates digital processes by having a software robot take over the human actions performed in a software application. The technology simplifies the build, deployment, and management of software robots that emulate human actions when interacting with digital systems and software. In this article, we will outline the use of RPA and the impacts on [...]

Clients often ask me if policies and processes put in place for the Payment Card Industry Data Security Standard (PCI DSS) compliance can be used to pass their Service Organization Control (SOC) 2 audit. While some overlap exists between the security procedures required to “pass” your PCI and SOC 2 audits, the biggest difference between [...]

What is an Enterprise Environment? From a technology perspective, an enterprise environment is the sum of all information assets that support the processing, storage, or transmission of data in support of the business functions of an organization. Such assets include everything from user endpoints (e.g., laptops, phones, tablets), to servers (virtual or physical), data storage, network [...]

Organizations are continuously challenged in preparing for and performing an audit. Audits are commonly performed in large blocks of effort and treated like a project. Significant time and resources are often allocated to audit projects. To make things more challenging, audits are often time-bound and must be completed by a specified date. Additionally, audits are [...]

Static code analysis and static code reviews are key controls in a company’s control environment, specifically related to the system development lifecycle and change management processes, and should be considered for inclusion in a company’s SOC 2 control inventory. Adopting static code analysis and static code reviews and integrating these controls into a company’s control [...]
