Close
Request Consultation

IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

What is an Integrated Audit? Assessing Internal Controls

By Jaclyn Finney Published on August 21, 2019
An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to [...]
What is an integrated audit?

What is the PCAOB? Auditing Standards & Inspection Reports

By Isaac Clarke Published on August 14, 2019
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry. [...]
What is the PCAOB?

2019 HIPAA Wall of Shame: Recent Security Breaches & Examples for Companies to Learn From

By L&Co Staff Auditors Published on July 31, 2019
If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS). [...]
2019 HIPAA Security Breaches

The SOC 2 Privacy Audit

By Becky McCarty Published on July 17, 2019

The trust services criteria applicable to a SOC 2 privacy audit covering the privacy criteria applies only to personal information such as health records, payment card information, or other personally identifiable information (PII). This is different than for the confidentiality criteria which applies to various types of sensitive information such as customer lists, product specifications, [...]

SOC 2 privacy audit

Chaos Engineering: What is it? Should You Use it?

By Jaclyn Finney Published on July 3, 2019

Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident [...]

Chaos engineering

What are the Roles and Responsibilities of Information Security?

By L&Co Staff Auditors Published on June 19, 2019
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls. [...]
Information security roles & responsibilities

FedRAMP 3PAOs: What is Their Role in the FedRAMP Process?

By Ray Dunham Published on April 17, 2019

The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an [...]

FedRAMP 3PAOs

Understanding SOC Services: Organization Control Audits

By Megan Kovash Published on April 3, 2019

What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits [...]

Understanding SOC Services
Contact Us

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
I understand and agree to the Linford & Company LLP privacy policy.**
Request Consultation
Linkedin-in Youtube