Jenny Shen

Partner | CISA, CISSP, CCSFP

Jenny has been in risk advisory and compliance since 2008. She spent 7 years at Ernst & Young where she was responsible for both audit and advisory engagements across financial services, energy, technology, and healthcare sectors. Since 2015, she has been focusing on serving SaaS-based companies, assessing their control environments as part of SOC reporting, HIPAA compliance, ISO 27001 and HITRUST certification, and PCI compliance initiatives. She is a certified information systems auditor (CISA), HITRUST assessor (CCSFP), information systems security professional (CISSP), PCI QSA, ISO 27001 Lead Auditor, and AWS cloud practitioner. Jenny received her Bachelor of Science and Master’s degrees in Information Systems Management from Brigham Young University.

All articles by Jenny Shen:

PCI DSS v4.0, which took effect on April 1, 2024, introduced 47 new requirements. A 12-month transition period allowed organizations to adopt these new requirements. As of March 31, 2025, these formerly “best-practice” requirements become mandatory. For many whose report on compliance (ROC) was issued before that deadline, these requirements were simply marked as Not [...]

With no shortage of regulations around data security and privacy, it’s no wonder that determining which regulations must be complied with and whether your company has compliance gaps can be a daunting task. Regulatory compliance is mandatory, but can be overwhelming. Where should you start? Perform a Risk Assessment. Risk assessments are valuable tools for [...]

The HIPAA Security Rule places so much emphasis on the importance of risk analysis that it is positioned as the first requirement of HIPAA compliance. Yet, as we conduct HIPAA compliance gap assessments for organizations, it is rare to find that a formal IT Risk Assessment has been completed, and rarer still to find that [...]

Following months of hard work, you and your External HITRUST® Assessor finally “complete” the assessment and the assessment dashboard now displays 100% of requirements under the “External Assessor Review Complete” status – now what? For most Assessed Entities, that phase is followed by formulating CAPs for requirement statements as part of a control reference required [...]

If your organization has gone through an audit against a compliance framework, whether it be SOC 1, SOC 2, HITRUST, FedRAMP, or HIPAA, you might shudder at the thought of the words “findings,” “gaps,” and “deficiencies.” However, even an audit with a favorable outcome (e.g. unqualified opinion, certification, authorization) could come with findings and recommendations [...]

In our increasingly digital world, cybersecurity is critical to ensure the security, availability, and confidentiality of customer data. Recent events around the world, such as the ransomware attack that forced the shutdown of the nation’s biggest fuel pipeline in May 2021, should be sufficient cause for all businesses to place cybersecurity as their top priority. [...]
