In this article, we will cover some common questions that come up related to SOC 2 reports. SOC 2 does not have to be difficult, although with some of the terminology it can initially be confusing. So what are SOC 2 reports? Let’s dive in! With today’s prevalence of cloud computing, information security and the […]
Rob Pierce (Partner | CISSP, CISA, CCSFP, CHQP)
Rob started with Linford & Co., LLP in 2011 and helps lead the HITRUST and ISO practices as well as performs SOC audits, NIST 800-171, and HIPAA assessments. He has spoken at Data Center World on compliance-related topics and has completed over 800 SOC examinations. He started his career as an IT auditor in 2003 with PwC in the Systems and Process Assurance group, and has worked in a variety of industries in internal audit as well as for the City and County of Denver.
Compliance Automation Tools: Can You Automate Regulatory Compliance?
Who likes dealing with regulatory compliance? It’s not the most fun or popular task for organizations to deal with. Yet we live in a world with increasing risks related to information security, increasing regulation, and less time to commit to dealing with these factors. With the proliferation of artificial intelligence (AI) and compliance automation tools […]
What is a SOC 1 Report? Expert Advice for Audit Compliance
We are frequently asked by our clients and prospective clients, “What are SOC 1 reports and when should they be considered?” Our response is usually a question, “Can your service impact the financial statements of your clients?” In some cases, the prospective client has an immediate answer and describes the financially relevant process. In other […]
AICPA FAQs on SOC 2 Automation Tools: Insights from an Auditor
Over the last few years, there has been a proliferation of SOC 2 audit and compliance tools coming to market. The companies providing the tools are promising to help clients prepare for and complete audits in record time. There is venture capital interest in the tools as well, with 200+ million in backing to date. […]
Leveraging the Azure SOC 2 – How to Build a SOC 2 Compliant Product or Service
Microsoft’s Azure cloud computing services are designed to facilitate its clients’ compliance with various security frameworks and standards. Companies leverage Microsoft’s compliant architecture so that certain requirements (e.g. data center physical security and environmental controls) are the responsibility of Microsoft. This is a huge advantage to small to medium-sized businesses that don’t have the resources […]
Leveraging the Google Cloud SOC 2: How to Build a SOC 2 Compliant SaaS
When building Software-as-a-Service (SaaS) applications over the last few years, more and more companies are electing to leverage an infrastructure-as-a-service provider like Google Cloud Platform (GCP). One of the main reasons companies do so is to leverage the GCP SOC 2 compliant infrastructure. These SaaS companies, also labeled as service organizations by the American Institute […]
What is HIPAA Compliance? Certification? A Summary of HIPAA
When considering HIPAA compliance, it’s a bit of the wild west out there right now. The Office of Civil Rights (OCR) enforces fines and sanctions for HIPAA violations, but it is mostly on a reactionary basis. You can review the HIPAA cases currently under investigation and get a sense of the type of incidents and […]
Leveraging AWS SOC 2 Reports: Building a SOC 2 Compliant SaaS
Many of our clients have built a Software-as-a-Service (SaaS) application on top of AWS and are leveraging AWS controls as part of their systems environment. One reason our clients do this is to leverage the AWS SOC 2-compliant infrastructure. Service organizations like AWS have their own SOC 2 report to provide assurance to stakeholders that […]
A Summarized Guide to HIPAA Compliance Audits
If you hold protected health information for your clients, either in electronic (ePHI) or hard copy form (PHI), you must comply with the Health Insurance Portability and Accountability Act (HIPAA). In some cases, a client may have asked that you sign a business associate agreement or BAA. When signing a BAA, you commit to follow […]
Complementary User Entity Controls, Considerations, & SOC Reports
The concept of user control considerations within SOC reports has been around since SOC reports were referred to as SAS 70s, although the AICPA’s term used to describe user control considerations has changed over time. These controls are now known as complementary user entity controls (CUEC). You may also hear these controls referred to as […]