Are you interested in SOC services but unsure what will be asked from you if internal control deficiencies are found? We all know the scary words “qualification” or “misstatement”, but what about the less scary but still important term: deficiency? This is also known as a “finding” or “gap” and a deficiency can also be […]
About Hilary Stavrakas (CISA)
Hilary has eight years of IT audit and assurance experience. Prior to starting at Linford & Co, Hilary worked for Deloitte managing audit readiness assessments, Sarbanes-Oxley 404 and SOC examinations, and complex remediation procedures. Hilary is a certified information systems auditor (CISA), holds a Master’s Degree in Accounting from the University of Colorado-Denver and a Bachelor’s in Business Administration from Colorado State University.
SOC 2 in Healthcare: Why Do Soc Reports Matter for Audit Compliance?
An audit is intended to build trust, decrease risk and encourage efficiency in business practices. While these traits are important for all businesses, they are critical for entities within the healthcare industry. No company is immune to risk, but those in the healthcare industry have a higher inherent risk based on the types of data […]
Operating System Hardening: Benefits, Importance, & Other Considerations
In the following paragraphs we’ll discuss what hardening means, the benefits and disadvantages it brings, and where to begin in the process of securing an operating system. Let’s first understand what the hardening process is. The concept of hardening, in relation to computing, is when the system is made more secure through the use of […]
Data Migrations & Their Impact on a SOC 2 Report
Service organization environments are ever-changing. As the organization adapts, the systems used by the service organization change in alignment. This process of migrating to a new application or migrating your infrastructure to the cloud can be significant, not just to the organization, but to the service organization’s users. What is a Data Migration & When […]
What is Section 5 of the SOC 2? The Unaudited Section of a SOC Report
Section 5, the unaudited section, of the SOC 2 report can vary significantly between reports. It may contain a lot of details about the service organization or it may only contain a response from management for a deficiency. So what can go in this section? There are various topics that can be included that can be […]
Understanding the Entity & Its Environment: Why It’s Important For SOC 2
Ever wonder what an auditor means when they say they’d like to get to know your entity and its control environment? Through this blog, we walk through why this topic is important to an auditor, what the procedures are to understand the entity and its environment, and how this information is used in compiling a […]