The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
Are you interested in SOC services but unsure what will be asked from you if internal control deficiencies are found? We all know the scary words “qualification” or “misstatement”, but what about the less scary but still important term: deficiency? This is also known as a “finding” or “gap” and a deficiency can also be […]
Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Software supply chain attacks increased by 650% during 2021. In addition, Gartner® predicts that by 2025 “45% of organizations worldwide will have experienced attacks on their software supply chains, a three-fold increase from 2021.” The need for users to understand supply chain processes and the controls that exist to minimize risks around supply chain activities […]
Has one or more of your customers requested that you undergo a SOC 2 audit? If so, you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? Is there a SOC 2 compliance checklist I can use to prepare? The answers are not as straightforward as […]
We frequently are asked by our clients and prospective clients, “What are SOC 1 reports and when they should be considered?” Our response is usually a question, “Can your service impact the financial statements of your clients?” In some cases, the prospective client has an immediate answer and describes the financially relevant process. In other […]
Many of our clients and prospects get asked for a “SOC report” from their clients or customers without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and […]
Most people have some degree of familiarity with contracts, but the nuances of contractual requirements related to an audit engagement are not always understood. If you are looking to engage an auditor, or if you have an existing engagement letter with an auditor, it is important to understand these nuances and the requirements for audit […]
SOC 2 considerations for software as a service (SaaS) providers can be a hard decision. On one hand, it has oftentimes become a contractual requirement but on the other hand, if that client or clients requesting the report do not provide enough revenue to offset that expense, the business case to move forward may not […]
“What is HITRUST?” is typically the first question asked by organizations exploring HITRUST for the first time. Formerly, HITRUST stood for Health Information Trust Alliance but several years ago it rebranded to simply HITRUST to align with changes to the “framework,” making it industry agnostic. Is HITRUST a Framework? HITRUST is far more than a […]
I once attended a training where the class was broken out into small groups, and each group was tasked with assembling an elaborate box of blocks and accessories in a precise order to create a motorcycle. However, for this exercise, the instructions were removed from the box and the moderator did not provide any guidance […]
