Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations.
Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident […]
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing, especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what the difference is between a […]
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.
If my company is not a healthcare provider, what do we need to do to demonstrate proper vendor due diligence required by HIPAA/HITECH? Many times, this question is posed to audit firms and consulting firms when a client receives a security questionnaire from a potential or existing healthcare customer they provide services to. This article will […]
What is Enterprise Security? Enterprise security is the process by which an organization protects its information assets (data, servers, workstations, storage, networking, applications, etc.) from infringement of confidentiality, integrity, or availability. It includes policies and procedures which provide guidance on the who, what, why, and how to implement the protection mechanism for an organization’s information […]
Data security refers to the controls implemented by a company to protect its data from unauthorized access and corruption. A good control environment around data security isn’t built on trust; it’s built on controls that are operating effectively, allowing verification and adequate oversight. The implementation of mature data security protocol and measures by which individuals […]
Every year as summer draws to a close, one of the most sought-after topics for discussion that clients, business associates, and others reach out to our firm about is Gap Letters, sometimes called Bridge Letters.
Clients will often ask why we complexify certain types of audit procedures.
Internal controls are essential process steps that allow for one to determine or confirm whether certain requirements are being done per a certain expectation, law, or policy. Additionally, internal controls allow auditors to perform tests to gain assurance that a process is designed and operating properly. In this post, we will discuss what internal controls […]