The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
What is inherent risk and control risk and how do they relate to a SOC 2 audit? Inherent risk occurs due to the nature of the service provided and operation of the Company without consideration of any controls in place. Control risk is present as a result of the internal controls in place at the [...]
NIST 800-53, ISO/IEC 27001:2022, PCI, HITRUST, HIPAA, SOC 1, SOC 2, GDPR, CCPA…who needs another compliance framework? It’s an acronym soup, and who can keep them all straight anyway? I’m here to make the case that you may just have room for one more – the NIST Cybersecurity Framework (CSF), particularly if you’re seeking SOC [...]
Over the past few years, it seems like there is a new compliance framework that companies are required to follow every year. And many companies are trying to understand which one applies, how many they are required to obtain, and how much it is going to cost. This blog will discuss two frameworks: SOC 2 [...]
As a security practitioner and auditor, questions regarding the differences between vulnerability assessments and penetration testing come up often. Even though seasoned security professionals may already know the answer to a question like this, there are a number of non-security professionals who may need help understanding the differences, the benefits, and the costs. While larger [...]
When discussing if a company has implemented the necessary controls to meet the AICPA Trust Services Criteria for a SOC 2 engagement, one of the questions that often comes up is if an external penetration test is required. To aid in the discussion, this article will focus on the makeup of an external penetration test [...]
The evolution of technology and its increased use has led businesses around the world to become more interconnected and interdependent of one another than ever before. Companies of all sizes can now easily reach and serve organizations around the globe, rather than just their region or country. As services provided by service organizations are increasingly [...]
The client/auditor relationship is unique and strange. Basically, your organization is paying someone to look at your highly confidential information (e.g. financials, systems, processes, and controls) to provide an opinion on that information. I’m sure you’re already aware, but the opinion is not meant for the client, but rather for the readers of the audit [...]
This blog is being written to address a topic that has been around for a number of years in the SOX world, but is now becoming more relevant in the SOC world of testing. Why, you might ask, is it becoming more relevant in the SOC world? The reason is simple: because when an entity’s [...]
Do you ever wonder if the CPA firm your organization decides to use has the right type of experience when going through the engagement process? Well, one question you can ask is the last time the CPA firm went through the AICPA peer review program. In this post, we will discuss what an AICPA peer [...]
"*" indicates required fields
