About Rob Pierce, Partner | CISSP, CISA

Rob started with Linford & Co., LLP in 2011 and leads the HITRUST practice as well as performs SOC examinations and HIPAA assessments. He has spoken at Data Center World on compliance-related topics and has completed over 200 SOC examinations. He started his career as an IT auditor in 2003 with PwC in the Systems and Process Assurance group, and has worked in a variety of industries in internal audit as well as for the City and County of Denver.

ALL ARTICLES BY Rob Pierce, Partner | CISSP, CISA:
Understanding Compliance Automation Tools: Can You Automate SOC 2 Compliance?

The concept of continuous compliance monitoring has been around for many years. Continuous compliance monitoring can be stronger than traditional snapshot-in-time audits. Most traditional audits happen annually, and auditors take point-in-time evidence as well as evidence samples to gain assurance that controls were in place over time. When auditors select samples, even the […]

Leveraging the Google Cloud SOC 2: How to Build a SOC 2 Compliant SaaS

When building Software-as-a-Service (SaaS) applications over the last few years, more and more companies are electing to leverage an infrastructure-as-a-service provider like Google Cloud Platform (GCP). One of the main reasons companies do so is to leverage the GCP SOC 2 compliant infrastructure. These SaaS companies, also labeled as service organizations by the American Institute […]

What is SOC 2? An Expert’s Guide to Audits, Reports, Attestation, & Compliance

With the proliferation of data breaches and hacks that occur today, it’s no wonder there is a greater focus on information security. SOC 2 reports are general use reports that provide assurance to user organizations and stakeholders that a particular service is being provided securely. A SOC 2 can also include criteria related to Availability, […]

What is HIPAA Compliance? Certification? A Summary of HIPAA

When considering HIPAA compliance, it’s a bit of the wild west out there right now. The Office of Civil Rights (OCR) enforces fines and sanctions for HIPAA violations, but mostly on a reactionary basis. You can review the HIPAA cases currently under investigation and get a sense of the type of incidents and […]

What is HITRUST? A Practical Guide to Certification

Our firm has been a HITRUST CSF assessor for nearly a year and we have numerous lessons learned. We have seen common pitfalls as well as identified what is needed to make HITRUST compliance achievable, even for a small company. This article will summarize what we have learned about HITRUST and the process for HITRUST […]

Leveraging the AWS SOC 2: How to Build a SOC 2 Compliant SaaS

So you have built a Software-as-a-Service (SaaS) application on top of AWS or another infrastructure-as-a-service provider. It’s likely one of the reasons you did so was to leverage the AWS SOC 2 compliant infrastructure. Service organizations like AWS receive SOC 2 reports to demonstrate to stakeholders such as investors and clients that the AWS infrastructure […]

A Summarized Guide to HIPAA Compliance Audits

If you hold protected health information for your clients, either in electronic (ePHI) or hard copy form (PHI), you must comply with the Health Insurance Portability and Accountability Act (HIPAA). In some cases, a client may have asked that you sign a business associate agreement or BAA. When signing a BAA, you commit to follow […]

SOC Qualified Opinions & What they Mean for Your Organization

Qualified opinions mean that either the internal controls were not designed (Type I or II) or operating (Type II only) effectively for one or more control objectives included within a SOC 1 report or Trust Services Criteria included within a SOC 2 report. In a SOC report, management asserts that certain controls are in place. […]

What is HITRUST Certification & What is Required for Compliance?

Health care-related organizations that wish to demonstrate their compliance with HIPAA and other regulations are choosing more and more to become HITRUST compliant or certified. We know…another information security framework…great! In the past, health care organizations have either signed business associate agreements or verbally committed to their partners that they were HIPAA compliant and […]