Jaclyn Finney started her career as an auditor in 2009. She started with Linford & Co., LLP. in 2016 and is currently a manager with the firm. She is a CISA with a special focus on SOC, HITRUST, FedRAMP and royalty examinations. Jaclyn works with her clients to provide a process that meets the needs of each customer and generates a tailored report that is useful to the client and the users of the report.
As the requirement to receive SOC 1 or SOC 2 reports as part of a contract, request for proposal (RFP), or security program increases as a barrier to receiving major clients, it’s important to understand who can perform these audits. This post will identify a number of questions to answer who exactly can perform SOC […]
In simple terms, security data breaches are when a company vulnerability (technical or non-technical [i.e. employee related]) is exploited and, as a result, access to customer information or other data, applications, or networks is granted to an unauthorized individual. When a breach occurs, depending on the security framework, notification of the security breach is required. […]
A request for proposal has just come out that is in your company’s wheelhouse but instead of only requiring HIPAA, the proposal suggests that those who are HITRUST compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what that means? It […]
Each online business application has their own set of assets that need to be protected in order for them to maintain privacy of information and maintain a positive reputation in the eye of clients or consumers. In the post, we will discuss the principles of security and privacy, define terms used to complete risk assessments, […]
Over the last year, the world saw a number of major security breaches in the news. Some notable ones include the Equifax data breach, Uber data breach, WannaCry cyber attack, and the list goes on. While each of these had its own unique security vulnerability that was exploited they all shared in at least one […]
Over the past few years, it seems like there is a new compliance framework that companies are required to follow every year. And many companies are trying to understand which one applies, how many are they required to use and frankly, how much it is going to cost. This blog will discuss two frameworks SOC […]
Many companies are considering using a Cloud Service Provider to host their environment or house their data. Because of this, it is important to have a Cloud Service Agreement in place that clearly defines the responsibilities of the Cloud Service Provider, compliance guaranties, steps taken in the event of a breach or incident, and a […]
Having a plan in place to backup pertinent information to keeping a business running in the event information becomes unavailable for use is an important concept of business continuity. This blog will provide a definition and importance of corporate data backups, outline solutions options, and define best practices used for defining a corporate data backup […]
As the popularity of cloud computing has increased over the last decade, so has the maturity of standards used govern these resources. This article will provide a definition of cloud computing and cloud computing audit, the objectives of cloud computing, the scope of a cloud computing audit, and audit steps to expect. Cloud Computing Definitions […]
Exposing employees to the security threats that exploit businesses, seemingly weekly these days, can help companies protect themselves against those threats. This blog will present the importance of security training, options and resources, and the frequency that training should be provided. What is Security Awareness Training? Security awareness training is the process of providing information […]
