With the proliferation of data breaches and hacks that occur today, it’s no wonder there is a greater focus on information security. SOC 2 reports are general use reports that provide assurance to user organizations and stakeholders that a particular service is being provided securely. A SOC 2 can also include criteria related to Availability, […]
About Rob Pierce, Partner | CISSP, CISA
Rob started with Linford & Co., LLP in 2011 and leads the HITRUST practice as well as performs SOC examinations and HIPAA assessments. He has spoken at Data Center World on compliance-related topics and has completed over 200 SOC examinations. He started his career as an IT auditor in 2003 with PwC in the Systems and Process Assurance group, and has worked in a variety of industries in internal audit as well as for the City and County of Denver.
What is SOC 2? A Guide to Compliance & Certification
Today, information security is of greater concern and importance than ever before, and that’s saying a lot! Every day there are new data breaches reported costing companies billions of dollars in combined losses. IBM recently published the 2023 Cost of a Breach article and notes the cost of a breach to be an average of […]
What is a SOC 1 Report? Expert Advice for Audit Compliance
We frequently are asked by our clients and prospective clients, “What are SOC 1 reports and when they should be considered?” Our response is usually a question, “Can your service impact the financial statements of your clients?” In some cases, the prospective client has an immediate answer and describes the financially relevant process. In other […]
AICPA FAQs on SOC 2 Automation Tools: Insights from an Auditor
Over the last few years, there has been a proliferation of SOC 2 audit and compliance tools coming to market. The companies providing the tools are promising to help clients prepare for and complete audits in record time. There is venture capital interest in the tools as well, with 200+ million in backing to date. […]
Leveraging the Azure SOC 2 – How to Build a SOC 2 Compliant Product or Service
Microsoft’s Azure cloud computing services are designed to facilitate its clients’ compliance with various security frameworks and standards. Companies leverage Microsoft’s compliant architecture so that certain requirements (e.g. data center physical security and environmental controls) are the responsibility of Microsoft. This is a huge advantage to small to medium-sized businesses that don’t have the resources […]
Understanding Compliance Automation Tools: Can You Automate SOC 2 Compliance?
The concept of continuous compliance monitoring has been around for many years. Continuous compliance monitoring can be stronger than traditional snapshot-in-time audits. Most traditional audits happen annually and auditors take the point in time evidence as well as evidence samples to gain assurance controls were in place over time. When auditors select samples, even the […]
Leveraging the Google Cloud SOC 2: How to Build a SOC 2 Compliant SaaS
When building Software-as-a-Service (SaaS) applications over the last few years, more and more companies are electing to leverage an infrastructure-as-a-service provider like Google Cloud Platform (GCP). One of the main reasons companies do so is to leverage the GCP SOC 2 compliant infrastructure. These SaaS companies, also labeled as service organizations by the American Institute […]
What is HIPAA Compliance? Certification? A Summary of HIPAA
When considering HIPAA compliance, it’s a bit of the wild west out there right now. The Office of Civil Rights (OCR), enforces fines and sanctions for HIPAA violations, but it is mostly on a reactionary basis. You can review the HIPAA cases currently under investigation and get a sense of the type of incidents and […]
Leveraging the AWS SOC 2: How to Build a SOC 2 Compliant SaaS
So you have built a Software-as-a-Service (SaaS) application on top of AWS or another infrastructure-as-a-service provider. It’s likely one of the reasons you did so was to leverage the AWS SOC 2 compliant infrastructure. Service organizations like AWS receive SOC 2 reports to demonstrate to stakeholders such as investors and clients that the AWS infrastructure […]
A Summarized Guide to HIPAA Compliance Audits
If you hold protected health information for your clients, either in electronic (ePHI) or hard copy form (PHI), you must comply with the Health Insurance Portability and Accountability Act (HIPAA). In some cases, a client may have asked that you sign a business associate agreement or BAA. When signing a BAA, you commit to follow […]