IT Audit & Compliance Blog | Linford & Company LLP

Chaos Engineering: What is it? Should You Use it?

By Jaclyn Finney Published on July 3, 2019

Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident [...]

What are the Roles and Responsibilities of Information Security?

By L&Co Staff Auditors Published on June 19, 2019

Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls. [...]

What is Upstream and Downstream Testing in Auditing?

By Nicole Hemmer Published on May 15, 2019

Clients will often ask why we complexify certain types of audit procedures. [...]

FedRAMP 3PAOs: What is Their Role in the FedRAMP Process?

By Ray Dunham Published on April 17, 2019

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an [...]

Understanding SOC Services: Organization Control Audits

By Megan Kovash Published on April 3, 2019

What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits [...]

SOC Certifications: Are SOC 1 & SOC 2 Audits Actually Certifications?

By Nicole Hemmer Published on March 27, 2019

There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification. [...]

Understanding Blockchain: Security, Risks & Auditing Tips

By Jaclyn Finney Published on March 20, 2019

Over the last decade, blockchain security and how it affects cybersecurity has become a hot topic among the information technology and financial circuits. But as with all technology, one must ask how safe it is to use. The most common form of blockchain implementation is known as Bitcoin. Bitcoin has since become one of many [...]

There is No SOC 1 Audit Checklist…Only Questions & Considerations

By Isaac Clarke Published on March 13, 2019

You have poured your blood, sweat, and tears in to your startup and it is about to pay off. You are close to finalizing a deal with a new, large customer. You have worked long and hard to connect with them and demonstrate the value of your service or system. They are excited. You are [...]

What is FedRAMP? 5 Considerations Before Taking the Leap

By Ray Dunham Published on February 27, 2019

A simple FedRAMP definition is that FedRAMP is a government program designed to bring consistent and repeatable processes to security evaluations of cloud service offerings (CSO) for the federal government. The FedRAMP authorization process is designed to leverage a single security assessment for multiple federal agencies that would like to use the CSO. FedRAMP is [...]

Who Can Perform a SOC Audit?

By Jaclyn Finney Published on January 30, 2019

As the requirement to receive SOC 1 or SOC 2 reports as part of a contract, request for proposal (RFP), or security program increases as a barrier to receiving major clients, it’s important to understand who can perform these audits. This post will identify a number of questions to answer who exactly can perform SOC [...]