Linford & Co., LLP, founded in 2008, is comprised of professional and certified auditors with specialized expertise in SOC 1, SOC 2, HIPAA, HITRUST, FedRAMP and royalty/licensing audits. Our auditors hold CPA, CISA, CISSP, GSEC licenses and certifications. Learn more about our company and our leadership team.
With an ever-changing landscape of security threats and available tools and resources, it is important for organizations to periodically evaluate their security maturity and seek to make improvements to maintain a well-balanced security posture. Throughout this blog, we will explore the concept of the capability maturity model with a focus on security maturity in an […]
Personal Identifying Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the owning person from exploitation. This year alone has seen significant breaches of personal data from Aon (insurance provider), MCG Health (health management system), and Block (cash application/payment processor), impacting roughly 9 million […]
Think of the types of compliance audits or assessments that an organization may have throughout the year – SOC 1, SOC 2, PCI DSS, HIPAA compliance audits, Internal Audits, FedRAMP, and HITRUST assessments just to name a few. The list seems to ever increase as new regulations are added. The origination of an audit could […]
Clients often ask me if policies and processes put in place for the Payment Card Industry Data Security Standard (PCI DSS) compliance can be used to pass their Service Organization Control (SOC) 2 audit. While some overlap exists between the security procedures required to “pass” your PCI and SOC 2 audits, the biggest difference between […]
One of the key parts of security compliance consists of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or even HIPAA certification, access controls play a key role in the internal control environment. Throughout this blog, we will explore the types of common access management […]
Data classification is the underlying focal point of many compliance standards and requirements. Identifying, categorizing, and maintaining data protection can help achieve compliance requirements, reduce legal risk, prioritize the implementation of security controls, and in turn effectively allocate resources. Knowing what data your organization collects, uses, stores, processes, and transmits and the level of security […]
The task of internal audit planning can be overwhelming and involve many individuals. Sometimes it is difficult to even know where to begin. In this article we will break down a few of the common questions when it comes to an internal audit, elaborate on the key steps to the internal audit planning phase, and […]
Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and consists of standards and implementation specifications. Per HIPAA Security Safeguards: Each Security Rule standard is a requirement: a covered entity must comply with all […]
The first step in conducting a HIPAA security compliance audit is to “take inventory” of the electronic protected health information (ePHI) environment.
Throughout 2018 and 2019, the OCR has identified the failure to conduct and adequate risk assessment as a key finding in nearly half of their settlements. Making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third party reporting on their compliance with the HIPAA security rule. Generally these […]