About L&Co Staff Auditors

Linford Team Icon

Linford & Co., LLP, founded in 2008, is comprised of professional and certified auditors with specialized expertise in SOC 1, SOC 2, HIPAA, HITRUST, FedRAMP and royalty/licensing audits. Our auditors hold CPA, CISA, CISSP, GSEC licenses and certifications. Learn more about our company and our leadership team.

ALL ARTICLES BY L&Co Staff Auditors:
PHI vs PII vs PCI

PII, PHI, PCI: Understanding the Differences for Compliance

Personal Identifying Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the owning person from exploitation. This year alone has seen significant breaches of personal data from Aon (insurance provider), MCG Health (health management system), and Block (cash application/payment processor), impacting roughly 9 million […]

PCI & SOC 2 audit requirements

PCI and SOC 2 Audit Requirements: Combining PCI & SOC 2 Audits

Clients often ask me if policies and processes put in place for the Payment Card Industry Data Security Standard (PCI DSS) compliance can be used to pass their Service Organization Control (SOC) 2 audit. While some overlap exists between the security procedures required to “pass” your PCI and SOC 2 audits, the biggest difference between […]

SOC 2 preparedness for startups

SOC 2 Readiness For Startups: Helpful Hacks for Achieving Compliance

As a startup you face many challenges and customer acquisition is one of them. Large enterprise companies have been increasing their focus on security and requiring vendors to provide various documentation to demonstrate that they have appropriate security measures in place. Undergoing a SOC 2 examination is one of the most effective and efficient ways […]

HIPAA risk assessment

HIPAA Risk Assessment: Security Compliance vs Risk Analysis – What is the Difference?

Throughout 2018 and 2019, the OCR has identified the failure to conduct and adequate risk assessment as a key finding in nearly half of their settlements. Making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third party reporting on their compliance with the HIPAA security rule. Generally these […]

2019 HIPAA Security Breaches

2019 HIPAA Wall of Shame: Recent Security Breaches & Examples for Companies to Learn From

If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS).

HIPAA Compliance: Know Your Business Associate Agreements

HIPAA Business Associate Agreements

A recent settlement between the US Department of Health and Human Services’ Office of Civil Rights (OCR) and an orthopedic clinic highlights the importance of executing a HIPAA business associate agreement with appropriate third party services providers.

The Security Risk Analysis and HIPAA Compliance

The HIPAA Security Rule places a great deal of emphasis on the importance of the security risk analysis—so much so that it was positioned front-and-center as an implementation specification under first standard in the first section of HIPAA. The requirement to complete a security risk analysis is under the Security Management Process standard in the […]

The HIPAA Contingency Plan

One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans.