About Becky McCarty (CPA, CISA, CRISC, CIA, CFE)

Becky McCarty

Becky McCarty has over 20 years of experience in internal controls, audit, and advisory services. She specializes in SOC 1 and SOC 2 examinations for Linford & Co., LLP. Becky completed a Bachelor’s degree in Business Administration (Accounting) and a Master of Science degree in Management Information Systems. She worked 6 years with KPMG LLP commencing in 1999, worked several years in the energy industry, and joined Linford & Co., LLP in 2018. Becky also served 9 years on the Board of Directors for a home healthcare nonprofit. She works closely with clients so that the examinations are performed efficiently and with minimal disruption while ensuring performance in accordance with professional guidance. She enjoys helping clients successfully achieve the requirements for their SOC compliance efforts based on their objectives and/or applicable trust services criteria.

VPN encryption benefits

What are the Benefits of Using VPN Encryption?

In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your sensitive private data such as your personally identifiable information (PII) and your electronic protected health information […]

Mobile security threats for SOC 2 guidance

Mobile Security Threats: What You Need To Know For SOC 2

As the sophistication and volume of mobile security threats increase, mobile device users and mobile application developers need to be vigilant and stay on top of emerging mobile security threats in order to protect their sensitive data and reputation. This blog delves into some common mobile security threats and what actions may be taken to […]

Fraud risk assessment and COSO principle 8

Considerations for Fraud Risk Assessment: COSO Principle 8

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 internal control framework includes five COSO components and 17 COSO principles and is part of the common criteria included in a SOC 2 assessment. The five COSO components include the following: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. For […]

Guide to incident management

What is Incident Management & Why is It Important?

Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan helps to return your system to […]

IT change management for service organizations

IT Change Management for Service Organizations: Process, Risks, Controls, Audits

What is IT Change Management? IT change management is a standardized end-to-end process that enables changes, including application, infrastructure, and configuration changes, to be deployed to a production IT environment in a controlled and consistently repeatable manner. IT change management provides the mechanism or workflow that makes sure only authorized changes are made to production. […]

Internal audit vs external audit

Internal Audit vs External Audit: What You Need To Know

While there are some similarities between an internal audit and an external audit, there are differences that need to be understood. This blog will explain what an internal audit and an external audit are to the reader. It will dissect the similarities and the differences between an internal audit and an external audit for greater […]

SOC 2 description criteria

What are Description Criteria for a SOC 2 Report?

The description of a service organization’s system in a SOC 2 report is required to be prepared and assessed utilizing the description criteria guidance put forward by the American Institute of Certified Public Accountants (AICPA). The description criteria will be discussed in this blog to provide guidance on the factors to consider when describing a […]

vendor vs subservice organization

Vendor vs Subservice Organizations: Understanding the Difference & How it Affects You

A service organization may have a number of vendors and subservice organizations engaged to assist them in meeting their objectives or achieving the service commitments to their user entities along with the system requirements necessary to do so. This article will explain the difference between a vendor and a subservice organization and provide some tips […]

Coronavirus security threats

Coronavirus Security Threats: Tips to Mitigate Cybersecurity Risks

As if the COVID-19 pandemic isn’t enough to deal with already, coronavirus security threats are erupting as nefarious individuals use this crisis to target organizations and individuals for their own financial gain. This article addresses some of the coronavirus scams out there today that threaten your security and how you may protect yourself. Stimulus Payments […]