The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
The client/auditor relationship is unique and strange. Basically, your organization is paying someone to look at your highly confidential information (e.g. financials, systems, processes, and controls) to provide an opinion on that information. I’m sure you’re already aware, but the opinion is not meant for the client, but rather for the readers of the audit [...]
This blog is being written to address a topic that has been around for a number of years in the SOX world, but is now becoming more relevant in the SOC world of testing. Why, you might ask, is it becoming more relevant in the SOC world? The reason is simple: because when an entity’s [...]
Do you ever wonder if the CPA firm your organization decides to use has the right type of experience when going through the engagement process? Well, one question you can ask is the last time the CPA firm went through the AICPA peer review program. In this post, we will discuss what an AICPA peer [...]
Amazon Web Services (AWS) is an ever-evolving cloud services platform that continues on its path to remaining the market leader in cloud infrastructure. If you use AWS services, you have an idea of what we’re talking about. However, are you sure you’re using all the AWS tools possible for SOC 2 compliance? Do you know [...]
If you’re an information security professional, there’s a good chance you’ve already heard about the MITRE ATT&CK framework. If it’s something you haven’t heard of, or if you haven’t found the time to dive into its vast trove of information, it’s never too late to start! The following are some of the most common questions [...]
When considering controls for an organization, it may not be known that there are more than one level or type of control. To manage their business operations, organizations will have entity-level, divisional, regulatory, transaction-level, and process-specific controls to name a few. Of these controls, entity-level controls are considered to be a crucial part when: one [...]
The description of a service organization’s system in a SOC 2 report is required to be prepared and assessed utilizing the description criteria guidance put forward by the American Institute of Certified Public Accountants (AICPA). The description criteria will be discussed in this blog to provide guidance on the factors to consider when describing a [...]
The task of internal audit planning can be overwhelming and involve many individuals. Sometimes it is difficult to even know where to begin. In this article, we will break down a few of the common questions when it comes to an internal audit, elaborate on the key steps to the internal audit planning phase, and [...]
"*" indicates required fields
