The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
If you were asked what every company or organization has in common, what would you say? Well, there are many potential answers, but one thing is for certain — all companies/organizations are at risk for internal cyber security threats. There is a lot of attention in the media about companies being hacked by external parties [...]
Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan helps to return your system to [...]
Service organization environments are ever-changing. As the organization adapts, the systems used by the service organization change in alignment. This process of migrating to a new application or migrating your infrastructure to the cloud can be significant, not just to the organization, but to the service organization’s users. What is a Data Migration & When [...]
Simply put, yes, blockchain companies should be audited. Many organizations rely on blockchain companies to perform key services in support of the user organization’s operations. Those services may include, but are not limited to, processing financial transactions, including crypto and Non-Fungible Tokens (NFTs), sharing medical data, supply chain, and logistics monitoring, and administration and execution [...]
Security controls are a critical component to meet a Company’s primary SOC 2 goals of security, availability, processing integrity, confidentiality, and privacy of data. There are different control types that can be implemented, and each control that is mapped to a control type is represented with a different identified functionality and purpose. Controls are put [...]
I’ll be the first to admit that buzzwords like “information security governance,” “cyber security organizational structure,” and “information security organizational structure” can sound like trendy but otherwise meaningless concepts. My goal is to explain what information security governance is in a way that helps you not only understand the goals of information security governance, but [...]
Internal controls (which include manual, IT-dependent manual, IT general, and application controls) are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating [...]
In our increasingly digital world, cybersecurity is critical to ensure the security, availability, and confidentiality of customer data. Recent events around the world, such as the ransomware attack that forced the shutdown of the nation’s biggest fuel pipeline in May 2021, should be sufficient cause for all businesses to place cybersecurity as their top priority. [...]
Over the last several years there has been a growth in the offering of SOC 2 software tools or, also thought of as SOC 2 compliance monitoring tools (of which these terms will be used interchangeably throughout this article). These tools provide functionality and support designed to help a service organization attain SOC 2 compliance. [...]
"*" indicates required fields
