During my time as an auditor, I have had the privilege of working with many clients of all shapes and sizes. As clients prepare for an audit, especially a first-time audit, I often get asked for recommendations on how to help ensure a successful audit outcome. One of the most crucial areas related to security […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
The HITRUST Readiness Assessment Guide
When we engage with clients who are just starting their HITRUST adoption and certification journey, one of the first steps is a readiness assessment. In this article, we will cover the following topics: The various forms of readiness assessments and their characteristics. Challenges organizations face when they are performing a readiness assessment. Success factors which […]
A Guide to Microsoft’s Supplier Security Privacy Assurance (SSPA) Program
Today’s information age mandates organizations take appropriate action to ensure effective security and privacy practices are embedded throughout the entire organization. The effectiveness of privacy and security practices should continually be assessed to ensure they remain adequate and sufficient to support the organization’s ever-changing risk profile. It’s imperative that organizations not only assess their own […]
A Guide to HITRUST Interim Assessments
Any organization that has completed a HITRUST assessment knows they represent a significant amount of effort and a significant commitment to compliance and certification. While many HITRUST levels of certification are only good for one year, HITRUST’s r2 certification is good for two years, but…the HITRUST r2 certification requires an ‘interim’ assessment every other year […]
Critical Audit Matters (CAMs) & SOC 1 Reports – Could They Be Related?
Auditors performing financial statement audits are already aware of the Public Company Accounting Oversight Board (PCAOB) auditing standard AS 3101, The Auditor’s Report on an Audit of Financial Statements When the Auditor Expresses an Unqualified Opinion effective for audits of fiscal years ending on or after December 15, 2017. Within this standard are the requirements […]
Business Continuity vs. Disaster Recovery: The Building Blocks for Preparation
Disaster recovery plans and business continuity plans are unique to each and every company. In this article, we will walk through the purpose of these documents, their similarities and differences, the relevant controls, and common scenarios for disaster recovery. What Is the Purpose of a DRP? How Is It Different Than a BCP, BIA, & […]
What is HITRUST? A Comprehensive Guide to HITRUST Assessments
Our firm has been a HITRUST External Assessor Organization since 2017, and in that time we have successfully helped dozens of organizations obtain and maintain HITRUST certifications. We have identified common pitfalls and other barriers to success and we’ve also learned some keys to success. In this article, I’ll break down some of the most […]
Enhancing Your Company’s AI Security Policy – Professional Insights
Although Artificial Intelligence (AI) has been around since the late 1950s, it has been out of the public’s attention. It wasn’t until late 2022 when Open AI released ChatGPT for public use that AI captured the public’s attention and renewed interest in the technology. Bloomberg predicts the AI market to explode from a $40 billion […]
ISO Certificate Verification: Considerations & Guidance
Within this blog post, we will discuss the importance of knowing how to read an information security standard ISO certificate received from an ISO-certified entity. The knowledge gained from this blog will assist readers in determining that the certificates they obtain are valid. Receipt of a valid ISO certification certificate from a vendor or subservice […]
Access Control Management – Guidance for Audit Compliance
One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]