Nicole Hemmer

In completing SOC 1 and SOC 2 examinations (and most other types of audits), there is testing involved to determine the operating effectiveness of controls. There are different types of tests that can be applied to testing controls, and to complete a majority of these tests, a sampling of populations that are required. In this [...]

Compliance is defined in the dictionary as “the action or fact of complying with a wish or command.” That is a very simple definition for a complicated topic, especially when you consider all the demands and regulations companies are asked to be compliant with these days. [...]

Sarbanes-Oxley (SOX) is an act originally signed into law in 2002. The act is named after Senator Paul Sarbanes and Representative Michael Oxley, who were the main architects of the act. [...]

In today’s day and age, most organizations rely on vendors for portions of the services they provide or to assist with the security and integrity of their technology and data. Managing the relationships with these vendors is important, in addition to monitoring the ongoing performance of the services provided by these vendors. When pursuing a [...]

At Linford & Company, we fully understand that there are all sizes of companies that complete the kind of audits we do, which include SOC 1 (f. SSAE 16), SOC 2, HIPAA and royalty audits. [...]

Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a [...]

Many of our clients and prospects get asked for a “SOC report” from their clients or customers without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and [...]

Linford & Company specializes in helping service organizations go through their Service Organization Control (SOC) review the first time. [...]

A SOC (System and Organization Controls) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user [...]

With COVID-19 requiring nonessential workers to work from home or social distance, many organizations are trying to navigate having their workers not in the office and still maintaining the optimal security methods from their home offices. Keep reading for some recommendations on how to maintain optimal cybersecurity with remote staff. How Do You Keep Up [...]