About L&Co Staff Auditors

Linford Team Icon

Linford & Co., LLP, founded in 2008, is comprised of professional and certified auditors with specialized expertise in SOC 1, SOC 2, HIPAA, HITRUST, FedRAMP and royalty/licensing audits. Our auditors hold CPA, CISA, CISSP, GSEC licenses and certifications. Learn more about our company and our leadership team.

ALL ARTICLES BY L&Co Staff Auditors:
What are the benefits of HITRUST certification?

Healthcare Security Compliance & The Benefits of HITRUST Certification

In previous postings we have talked about HITRUST certification and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one question we hear constantly is, “What is the benefit of getting HITRUST certified?” Security Concerns in Healthcare & How to Alleviate Them Over the past few years, healthcare organizations have seen […]

Information Security Risk Management Tips

Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and there are also some that like to say “no”…for everything…all the time, but the good ones are there to help.

The Security Risk Analysis and HIPAA Compliance

The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]

De-Identification of Personal Information

The topic of de-identification of personal information has come up in discussions with clients several times in the past year. In each scenario, our client or potential client is collecting and maintaining a store of personal information which must be protected from breach—customer records, payment card industry cardholder data, electronic protected health information (ePHI), etc. […]