Defining the scope of a SOC (System and Organization Controls) assessment is often the starting point for any meaningful audit preparation. The scope is critical because it determines which systems, services, and periods will be evaluated, impacting the value and usefulness of the SOC audit report to stakeholders. In this article, we’ll walk through essential […]
About Isaac Clarke (PARTNER | CPA, CISA, CISSP)
Isaac Clarke is a partner at Linford & Co., LLP. He began his career with Ernst & Young in 2003 where he developed his audit expertise over a number of years. Isaac specializes in and has conducted numerous SOC 1 and SOC 2 examinations for a variety of companies—from startups to Fortune 100 companies. Isaac enjoys helping his clients understand and simplify their compliance activities. He is attentive to his clients’ needs and works meticulously to ensure that each examination and report meets professional standards.
Identity and Access Management for Beginners
How do companies keep track of who’s supposed to see what information? What if a disgruntled ex-employee still had access to sensitive files? Or a hacker could easily impersonate the CEO? Identity and Access Management (IAM) is the answer, ensuring the right people (and only the right people) get access to the right systems and […]
What Is An Internal Auditor & Why Should You Hire One?
What is an Internal Audit? The Institute of Internal Auditors (IIA) defines internal audit as the “independent, objective assurance, and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and […]
The SOC 2 Criteria for Monitoring Activities – Insights from an Auditor
Having the right controls in place is critical for an organization to protect its systems and safeguard its clients’ data. Identifying, designing, and implementing an appropriate set of controls is quite an accomplishment for most young companies. If you have implemented controls within your organization to maintain security, the next question to ask is: How […]
What is an Internal Audit? Answers to Common Questions
For many people, the words “internal audit” conjure a sense of fear and anticipation of high cost. Even under the best circumstances, having someone review your activities can be intimidating, but internal audit provides an unbiased, independent review of data and business processes.
Control Objectives & Activities: What Are They & What’s Appropriate?
When we are approached by a prospective client to perform a SOC 1 (f. SSAE 16) audit, we will ask what control objectives they want to include in the scope of the examination. In some cases, they have responded with their own question: What is a control objective? This blog will address that question, as […]
Are You Asking for a SOC Report? Do You Need One? When It’s Required
We often meet with executives of small and medium-sized companies who are debating whether or not they need a System and Organization Controls (SOC) report. The decision comes down to one simple question: “Are your customers asking for a SOC report?” If they are, you will need to get one or be prepared to lose […]
Securely Sharing SOC Reports: Answers to Common Questions
Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations
International Standards for SOC 1 & SOC 2: ISAE 3000 & ISAE 3402
The evolution of technology and its increased use has led businesses around the world to become more interconnected and interdependent of one another than ever before. Companies of all sizes can now easily reach and serve organizations around the globe, rather than just their region or country. As services provided by service organizations are increasingly […]
How Much Does A SOC Audit Cost?
There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients… How much is this going to cost? Chances are, if you are reading this, then you have the same question. The bottom line is, SOC audit costs vary, but audits typically range […]