Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]
About Nicole Hemmer (PARTNER | CISSP, CISA)
Nicole Hemmer started her career in 2000. She is the co-founder of Linford & Co., LLP. Prior to Linford & Co., Nicole worked for Ernst & Young in Indianapolis, Chicago, and Denver. She specializes in SOC examinations and royalty audits and loves the travel and challenge that comes with clients across all industries. Nicole loves working with her clients to help them through examinations for the first time and then working together closely after that to have successful audits.
SOC 1 vs. SOC 2 – How They Are Different & Which Report You Need
Many of our clients and prospects get asked for a “SOC report” from their clients or customers without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and […]
SOC Readiness Assessments: Recommended Guidance for Audit Readiness
Linford & Company specializes in helping service organizations go through their Service Organization Control (SOC) review the first time.
SOC Audit Report Overview: The Definitive Guide
A SOC (System and Organization Controls) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.
Maintaining Optimal Cybersecurity with Remote Staff Working from Home During Coronavirus Outbreak
With COVID-19 requiring nonessential workers to work from home or social distance, many organizations are trying to navigate having their workers out of the office while still maintaining optimal security practices in their home offices. Keep reading for some recommendations on how to maintain optimal cybersecurity with remote staff. How Do You Keep Up […]
What is Containerization? Security & Benefits
Containers and the concept of containerization have been growing rapidly over the past few years, and many organizations are struggling to keep up with the new technology and keep their systems secure. If you and your organization are considering trying out or moving to containers, many of your current security processes and procedures will […]
What is Upstream and Downstream Testing in Auditing?
Clients will often ask why we complexify certain types of audit procedures.
SOC Certifications: Are SOC 1 & SOC 2 Audits Actually Certifications?
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
Audit Sampling in SOC Examinations
In completing SOC 1 and SOC 2 examinations (and most other types of audits), there is testing involved to determine the operating effectiveness of controls. There are different types of tests that can be applied to testing controls (for more information on the five types of tests refer to our article, Five Types of Testing Methods […]
What is a Royalty Audit and Who Needs One?
In its simplest form, a royalty audit is a financial inspection that determines whether a licensee (user of a patent/license/franchise) is paying the licensor (owner of the patent/license/franchise) the correct amount of royalty fees.