About Olivia Refile (Manager, CISSP, CISA)

Olivia Refile | Linford & Company

Olivia Refile (CISSP, CISA, CRISC, GSEC, ISO Lead Auditor) specializes in SOC examinations for Linford & Co., LLP. She completed her Bachelor of Business Administration, with a concentration in Management Information Systems, from Temple University’s Fox School of Business in 2010. Olivia started her career in IT Risk Management in 2010, specializing in internal and external audits as well as IT security risk assessments. Following her time in risk management, Olivia moved solely into external IT Audit and is currently dedicated to performing SOC 1 and SOC 2 examinations.

ALL ARTICLES BY Olivia Refile (Manager, CISSP, CISA):

How to Become a Compliant SOC 2 Data Center: Auditor Guidance

When determining a cloud hosting or colocation provider, customers want to have assurance that they are utilizing a safe, secure, and competent provider. As such, data center providers can undertake a number of IT audits or examinations in order to demonstrate to customers and prospects that they have controls in place to protect client data […]


Vulnerability Scanning: Importance of Vulnerability Scans in SOC 2 Audits

In light of prevalent and ongoing public data breaches, understanding where an organization’s vulnerabilities are is of great importance for prevention and security. Conducting vulnerability scans is a key component in helping prevent successful external adversary attacks. In this article, I will discuss briefly what vulnerability scans are, the common types, and how they help […]


The Benefits of HITRUST Certification: Understanding HITRUST vs HIPAA

In previous blog articles, we have covered HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Additionally, we hear a lot of “How does a HITRUST certification differ from HIPAA compliance?” This blog will […]


De-Identification of Personal Information: What is It & What You Should Know

Many organizations may be retaining personal data, and it is important for this information to be properly protected and/or anonymized. One method to ensure personal information is appropriately anonymized is through de-identification. This article will explain what de-identification is, how to go about de-identifying personal data, and why it is important. To start, a […]


Vendor/Third-Party Risk Management: Best Practices

How to Appropriately Select Vendors and Also Manage and Monitor Their Associated Risks

In this article, I will discuss what vendor risks are and why the risk associated with vendors that support your business should be identified and then monitored on an ongoing basis. Further, I will discuss how organizations can actually […]


Information Security Risk Management: A Comprehensive Guide

Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and there are also some that like to say “no”…for everything…all the time, but the good ones are there to help.


Virtual CISO: What Is it? Services, Responsibilities, & Cost

According to ISACA’s State of Cyber Security 2019, 72% of organizations have a chief information security officer (CISO). Also, in that study, only 55% of organizations have an increasing security budget. For many small and mid-sized organizations, budgets are already tight, and hiring a full-time CISO may seem like a luxury. So how does an […]