"*" indicates required fields
Becky McCarty has extensive experience in internal controls, audit, and advisory services. She specializes in SOC, HIPAA, and ISO/IEC 27001:2022 examinations for Linford & Co., LLP. Becky completed a Bachelor’s degree in Business Administration (Accounting) and a Master of Science degree in Management Information Systems. She worked 6 years with KPMG LLP commencing in 1999, worked many years in the energy industry, and joined Linford & Co., LLP in 2018. Becky also served 9 years on the Board of Directors for a home healthcare nonprofit. She works closely with clients so that the examinations are performed efficiently and with minimal disruption while ensuring performance in accordance with professional guidance. She enjoys helping clients successfully achieve the requirements for their security compliance reporting needs.
If you are being asked to obtain a System and Organization Controls (SOC) report by your existing user entity or a potential user entity, you may question whether you should obtain a SOC 1, SOC 2, or SOC 3 report. You may also wonder whether it should be a Type 1 or a Type 2 […]
Healthcare providers, payers, exchanges, and many service providers to the healthcare industry are under increased pressure to demonstrate their compliance with the security and privacy requirements of HIPAA.
The SOC 2 Privacy criteria is one of the AICPA’s five Trust Services Criteria that may be included in a System and Organization Control (SOC) report that a service organization provides to its user entities. On the other hand, the General Data Protection Regulation (GDPR) is an enforceable legislative act in place to protect the […]
The trust services criteria applicable to a SOC 2 privacy audit covering the privacy criteria applies only to personal information such as health records, payment card information, or other personally identifiable information (PII). This is different than for the confidentiality criteria which applies to various types of sensitive information such as customer lists, product specifications, […]
Data security refers to the controls implemented by a company to protect its data from unauthorized access and corruption. A good control environment around data security isn’t built on trust, it’s built on controls that are operating effectively allowing verification and adequate oversight. The implementation of mature data security protocol and measures by which individuals […]
