About Rob Pierce, Partner | CISSP, CISA

Rob started with Linford & Co., LLP in 2011. He leads the HITRUST practice and performs SOC examinations and HIPAA assessments. He has spoken at Data Center World on compliance-related topics and has completed over 200 SOC examinations. He started his career as an IT auditor in 2003 with PwC in the Systems and Process Assurance group, and has worked in a variety of industries in internal audit as well as for the City and County of Denver.

ALL ARTICLES BY Rob Pierce, Partner | CISSP, CISA:

What is a SOC 2 Report? Expert Advice You Need to Know

In this article, we will cover some common questions that come up related to SOC 2 reports. SOC 2 compliance does not have to be difficult, although some of the terminology can initially be confusing. So what are SOC 2 reports and examinations? Let’s dive in! What is SOC 2 Certification or Attestation? […]

What is HIPAA Compliance? Certification? A Summary of HIPAA

When considering HIPAA compliance, it’s a bit of the wild west out there right now. The Office of Civil Rights (OCR) enforces fines and sanctions for HIPAA violations, but it is mostly on a reactionary basis. You can review the HIPAA cases currently under investigation and get a sense of the type of incidents and […]

What is HITRUST? A Practical Guide to Certification

Our firm has been a HITRUST CSF assessor for nearly a year and we have numerous lessons learned. We have seen common pitfalls as well as identified what is needed to make HITRUST compliance achievable, even for a small company. This article will summarize what we have learned about HITRUST and the process for HITRUST […]

Leveraging the AWS SOC 2: How to Build a SOC 2 Compliant SaaS

So you have built a Software-as-a-Service (SaaS) application on top of AWS or another infrastructure-as-a-service provider. It’s likely one of the reasons you did so was to leverage the AWS SOC 2 compliant infrastructure. Service organizations like AWS receive SOC 2 reports to demonstrate to stakeholders such as investors and clients that the AWS infrastructure […]

A Summarized Guide to HIPAA Compliance Audits

If you hold protected health information for your clients, either in electronic (ePHI) or hard copy form (PHI), you must comply with the Health Insurance Portability and Accountability Act (HIPAA). In some cases, a client may have asked that you sign a business associate agreement or BAA. When signing a BAA, you commit to follow […]

SOC Qualified Opinions & What they Mean for Your Organization

Qualified opinions mean that either the internal controls were not designed (Type I or II) or operating (Type II only) effectively for one or more control objectives included within a SOC 1 report or Trust Services Criteria included within a SOC 2 report. In a SOC report, management asserts that certain controls are in place. […]

What is HITRUST Certification & What is Required for Compliance?

Health care-related organizations that wish to demonstrate their compliance with HIPAA and other regulations are increasingly choosing to become HITRUST compliant or certified. We know…another information security framework…great! In the past, health care organizations have either signed business associate agreements or verbally committed to their partners that they were HIPAA compliant and […]