In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your sensitive private data such as your personally identifiable information (PII) and your electronic protected health information […]
About Becky McCarty (CPA, CISA, CRISC, CIA, CFE)
Becky McCarty has over 20 years of experience in internal controls, audit, and advisory services. She specializes in SOC 1 and SOC 2 examinations for Linford & Co., LLP. Becky completed a Bachelor’s degree in Business Administration (Accounting) and a Master of Science degree in Management Information Systems. She worked 6 years with KPMG LLP commencing in 1999, worked several years in the energy industry, and joined Linford & Co., LLP in 2018. Becky also served 9 years on the Board of Directors for a home healthcare nonprofit. She works closely with clients so that the examinations are performed efficiently and with minimal disruption while ensuring performance in accordance with professional guidance. She enjoys helping clients successfully achieve the requirements for their SOC compliance efforts based on their objectives and/or applicable trust services criteria.
Mobile Security Threats: What You Need To Know For SOC 2
As the sophistication and volume of mobile security threats increase, mobile device users and mobile application developers need to be vigilant and stay on top of emerging mobile security threats in order to protect their sensitive data and reputation. This blog delves into some common mobile security threats and what actions may be taken to […]
Considerations for Fraud Risk Assessment: COSO Principle 8
The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 internal control framework includes five COSO components and 17 COSO principles and is part of the common criteria included in a SOC 2 assessment. The five COSO components include the following: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. For […]
What is Incident Management & Why is It Important?
Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan helps to return your system to […]
Change Management for Service Organizations: Process, Controls, Audits
What is Change Management? Change management is a standardized process by which all changes, including application code and infrastructure changes, are introduced into a production IT environment in a controlled and repeatable manner that ensures only authorized changes are being deployed. Example changes include bug fixes, new features, system upgrades, and patching. For service organizations, […]
Internal Audit vs External Audit: What You Need To Know
While there are some similarities between an internal audit and an external audit, there are differences that need to be understood. This blog will explain what an internal audit and an external audit are to the reader. It will dissect the similarities and the differences between an internal audit and an external audit for greater […]
What are Description Criteria for a SOC 2 Report?
The description of a service organization’s system in a SOC 2 report is required to be prepared and assessed utilizing the description criteria guidance put forward by the American Institute of Certified Public Accountants (AICPA). The description criteria will be discussed in this blog to provide guidance on the factors to consider when describing a […]
SOC Report Types: Understanding SOC Audits and the Differences Between a Type 1 vs Type 2 SOC Report
If you are being asked to obtain a System and Organization Controls (SOC) report by your existing user entity or a potential user entity, you may question whether you should obtain a SOC 1, SOC 2, or SOC 3 report. You may also wonder whether it should be a Type 1 or a Type 2 […]
Vendor vs Subservice Organizations: Understanding the Difference & How it Affects You
A service organization may have a number of vendors and subservice organizations engaged to assist them in meeting their objectives or achieving the service commitments to their user entities along with the system requirements necessary to do so. This article will explain the difference between a vendor and a subservice organization and provide some tips […]
Coronavirus Security Threats: Tips to Mitigate Cybersecurity Risks
As if the COVID-19 pandemic isn’t enough to deal with already, coronavirus security threats are erupting as nefarious individuals use this crisis to target organizations and individuals for their own financial gain. This article addresses some of the coronavirus scams out there today that threaten your security and how you may protect yourself. Stimulus Payments […]