The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
The cloud computing on-demand model of compute power, database, storage, applications, and other IT resources accomplishes a variety of tasks. It reduces barriers, creates flexibility, and increases speed to market. The benefits of the cloud mean that organizations must seriously consider the cloud to perform business. Whether your organization is new to the cloud or […]
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what a SOC 3 report is, […]
What is operational risk management? And why is operational risk important? Simply defined, operational risk management is a continual process performed to identify and manage the risks inherent to running a business. Risk is fundamental to operating a business, and all businesses have to manage risk of all types, ranging from financial to operational to […]
As the popularity of cloud computing has increased over the last decade, so has the maturity of standards used to govern these resources. This article will provide a definition of cloud computing and cloud computing audits – the objectives of cloud computing, the scope of a cloud computing audit, understanding cloud compliance, and audit steps […]
Following months of hard work, you and your External HITRUST Assessor finally “complete” the assessment and the assessment dashboard now displays 100% of requirements under the “External Assessor Review Complete” status – now what? For most Assessed Entities, that phase is followed by formulating CAPs for requirement statements as part of a control reference required […]
All SOC 2 examinations must include security common criteria. This includes reviewing a company’s (i.e. entity’s) risk assessment process (risks identified, risk matrix, controls in place to address the risks, etc.). However, one of the challenges that the AICPA has found when it comes to doing risk assessments is that companies are unclear on what […]
The most important common criteria tested within the SOC 2 report is the risk assessment. An organization’s risk assessment is the heart and soul of the SOC 2 report. Unfortunately, there are many consequences for lacking well-defined risk assessment and risk management processes: Business/system failure Financial loss Noncompliance with national and foreign laws, regulations, and […]
Having a sound data analytics function within the internal audit department is increasingly critical as the world continues its drive toward digitization. Tools and trends like big data, cloud computing, robotics and automation, machine learning, and artificial intelligence are altering how businesses operate, and internal audits should be no different. The traditional audit approach of […]
Data has become a valuable resource for organizations across the world, and large amounts of data are being collected every day. At the same time, there has been an increase in or emphasis on the laws and regulations aimed at providing safeguards for data collected. A tool that can be used to help manage data […]
The number of cybersecurity incidents continues to rise. This upsurge in frequency and complexity has also resulted in an increase in costs. According to IBM’s 2022 Cost of a Data Breach Report, the average total cost of a data breach is USD $4.35 million, 83% of organizations studied have had more than one data breach, […]
