Rhonda is a Partner at Linford & Co. delivering risk services including service organization control (SOC) engagements, and Internal Audit services (IT and Business process audits). Rhonda has her CPA, CISSP, PMP, and CISA certifications and delivers leading-edge client service. Previously, Rhonda was a Managing Director at Deloitte, and brings a wealth of expertise in the areas of risk management and compliance.
Static code analysis and static code reviews are key controls in a company’s control environment, specifically related to the system development lifecycle and change management processes, and should be considered for inclusion in a company’s SOC 2 control inventory. Adopting static code analysis and static code reviews and integrating these controls into a Company’s control […]
Security controls are a critical component to meet a Company’s primary SOC 2 goals of security, availability, processing integrity, confidentiality, and privacy of data. There are different control types that can be implemented, and each control that is mapped to a control type is represented with a different identified functionality and purpose. Controls are put […]
Service organization management and the service auditor each have specific responsibilities in a SOC 2 examination. This blog describes the service auditor’s responsibilities, including the preconditions of engagement acceptance and the importance of understanding the terms of the engagement with management. If you are a service organization looking for a new service auditor, client acceptance […]
When preparing for a SOC report (SOC 1 or SOC 2) examination, when the inclusive method is decided upon to represent the subservice providers, there are impacts to the report that a service provider and service auditor must be aware of. There are multiple changes that are required to be made to the standard AICPA […]
This blog is being written to address a topic that has been around for a number of years in the SOX world, but is now becoming more relevant in the SOC world of testing. Why, you might ask, is it becoming more relevant in the SOC world? The reason is simple: because when an entity’s […]
Questions are frequently being asked of organizations that provide products or services regarding the processes and controls included in their supply chain activities (the activities involved to transform a raw material or natural resource into a finished good). If your company has experienced this, you are not alone. The need for organizations to understand supply […]