Rhonda is a Partner at Linford & Co. delivering risk services including service organization control (SOC) engagements, and Internal Audit services (IT and Business process audits). Rhonda has her CPA, CISSP, PMP, and CISA certifications and delivers leading-edge client service. Previously, Rhonda was a Managing Director at Deloitte, and brings a wealth of expertise in the areas of risk management and compliance.
With cyber threats evolving at an unprecedented rate, everyone must adopt robust security frameworks to protect sensitive information. One of the most widely recognized and implemented information security standards is ISO/IEC 27001:2022 (commonly referenced as “ISO 27001”). This internationally accepted standard provides a systematic approach to managing sensitive company and customer data, ensuring confidentiality, integrity, […]
Recently, a client asked if we could provide them some insight on the similarities, differences, advantages, and disadvantages of getting a SOC 2 Security versus an ISO/IEC 27001:2022 certification.
As I pondered about what blog content may be interesting and useful to our current and prospective clients, I kept coming back to one interesting client discussion I recently had. I was working with a first-year SOC 2 readiness client, and they were asking for insights and my perspectives on best practices for conducting an […]
Within this blog post, we will discuss the importance of knowing how to read an information security standard ISO certificate received from an ISO-certified entity. The knowledge gained from this blog will assist readers in determining that the certificates they obtain are valid. Receipt of a valid ISO certification certificate from a vendor or subservice […]
Software supply chain attacks increased by 650% during 2021. In addition, Gartner® predicts that by 2025 “45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.” The need for users to understand supply chain processes and the controls that exist to minimize risks around supply chain activities […]
Static code analysis and static code reviews are key controls in a company’s control environment, specifically related to the system development lifecycle and change management processes, and should be considered for inclusion in a company’s SOC 2 control inventory. Adopting static code analysis and static code reviews and integrating these controls into a Company’s control […]
Security controls are a critical component to meet a Company’s primary SOC 2 goals of security, availability, processing integrity, confidentiality, and privacy of data. There are different control types that can be implemented, and each control that is mapped to a control type is represented with a different identified functionality and purpose. Controls are put […]
Service organization management and the service auditor each have specific responsibilities in a SOC 2 examination. This blog describes the service auditor’s responsibilities, including the preconditions of engagement acceptance and the importance of understanding the terms of the engagement with management. If you are a service organization looking for a new service auditor, client acceptance […]
When preparing for a SOC report (SOC 1 or SOC 2) examination, when the inclusive method is decided upon to represent the subservice providers, there are impacts to the report that a service provider and service auditor must be aware of. There are multiple changes that are required to be made to the standard AICPA […]
This blog is being written to address a topic that has been around for a number of years in the SOX world, but is now becoming more relevant in the SOC world of testing. Why, you might ask, is it becoming more relevant in the SOC world? The reason is simple: because when an entity’s […]
