IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

Your company, the Organization Seeking Assessment (OSA), has determined that it has to achieve CMMC Level 2 certification to be in compliance with contractual requirements with the Department of Defense (DoD) as defined in 32 CFR Part 170. An initial and critical step in attaining CMMC Level 2 certification is creating a system security plan [...]

Audit Sampling in SOC Examinations

By Nicole Hemmer Published on April 23, 2025

In completing SOC 1 and SOC 2 examinations (and most other types of audits), testing is performed to determine the operating effectiveness of controls. Different types of tests can be applied to controls, and completing a majority of these tests requires drawing a sample from the relevant population. In this [...]

Data centers have always possessed a certain mystique. They are places where blinking lights, humming machines, and climate control technology make you feel as though you have stumbled into a top-secret bunker straight out of a sci-fi movie. Today, however, data centers are far more than buzzing, refrigerator-like facilities. They are the backbone of modern [...]

A few years ago, during a SOC 2 audit for a mid-sized SaaS company, we noticed a gap: their patch management program looked solid on paper, but the execution was flawed. The client had a policy that mentioned monthly updates, a ticketing system for patch deployment, and even a patch management report that was presented [...]

In performing SOC audits for Linford & CO, the clear majority of organizations do a great job providing reasonable assurance they are meeting all their controls. But I wanted to hit on a list of seven common mistakes that seem to pop up to hopefully help your organization identify them before they become [...]

Many of our clients have built a Software-as-a-Service (SaaS) application on top of AWS and are leveraging AWS controls as part of their systems environment. One reason our clients do this is to leverage the AWS SOC 2-compliant infrastructure. Service organizations like AWS have their own SOC 2 report to provide assurance to stakeholders that [...]

With cyber threats evolving at an unprecedented rate, everyone must adopt robust security frameworks to protect sensitive information. One of the most widely recognized and implemented information security standards is ISO/IEC 27001:2022 (commonly referenced as “ISO 27001”). This internationally accepted standard provides a systematic approach to managing sensitive company and customer data, ensuring confidentiality, integrity, [...]

For decades, personal computers have been the backbone of work, creativity, and communication. From the early desktops of the 1980s to the sleek ultrabooks and gaming rigs of today, PCs have played an essential role in modern life. However, we are now on the cusp of a major technological shift that will render traditional personal [...]

AI agents are no longer a futuristic concept—they are actively reshaping business operations and revolutionizing auditing processes. Companies are leveraging these autonomous AI systems to automate workflows, enhance decision-making, and optimize security practices. But with rapid adoption comes significant challenges: compliance risks, ethical considerations, and security vulnerabilities that auditors must address. From customer service chatbots [...]
