About Nicole Hemmer (PARTNER | CISSP, CISA)

Nicole Hemmer started her career in 2000. She is the co-founder of Linford & Co., LLP. Prior to Linford & Co., Nicole worked for Ernst & Young in Indianapolis, Chicago, and Denver. She specializes in SOC examinations and royalty audits and loves the travel and challenge that comes with clients across all industries. Nicole loves working with her clients to help them through examinations for the first time and then working together closely after that to have successful audits.

ALL ARTICLES BY Nicole Hemmer (PARTNER | CISSP, CISA):
Audit Sampling in SOC examinations

Audit Sampling in SOC Examinations

In completing SOC 1 and SOC 2 examinations (and most other types of audits), there is testing involved to determine the operating effectiveness of controls. There are different types of tests that can be applied to testing controls (for more information on the five types of tests refer to our article, Five Types of Testing Methods […]

Soc 2 audit security trust services criteria

SOC 2 Security Trust Services Criteria

The Trust Services Criteria (TSC) were developed by the AICPA Assurance Services Executive Committee (ASEC). The available TSCs for a SOC 2 audit include: Security (also known as common criteria). This is the only required TSC and is included to demonstrate that systems at a service organization are protected against unauthorized access and other risks […]

Confidentiality trust services criteria

Confidentiality Trust Services Criteria in a SOC 2

The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that are options to be included in a SOC 2 audit are the following: Security (also known as common criteria). Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could […]

Availability Trust Services Criteria in a SOC 2 Audit

The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that can be included in a SOC 2 audit are the following: Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy […]

How long does a SOC examination take?

How Long Does a SOC Examination Take?

We are frequently asked how long it takes to complete a SOC examination. Unfortunately there is not an answer that fits for every examination because every service organization is different. But, if an organization has controls in place the average time taken for a SOC examination is typically one to three months for Type I reports, and six to 12 months for Type II reports. If controls are not in place, the examination can take longer.

What Does Compliant Mean in IT & Business?

Compliance is defined in the dictionary as “the action or fact of complying with a wish or command.” That is a very simple definition for a complicated topic, especially when you consider all the demands and regulations companies are asked to be compliant with these days.

What is processing integrity?

What is Processing Integrity and Who Needs it in their SOC 2?

There are five trust services criteria that can be included in a SOC 2 report, including: security, availability, processing integrity, confidentiality, and privacy (see definitions from the AICPA below). Only one of the five criteria is required in the SOC 2 — security. The other four trust services criteria are optional, and we get many […]