The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
As companies grow and become subject to increasing regulatory scrutiny, one of the most valuable intangible assets that executives can foster is a culture of compliance. This blog post will describe the importance of a culture of compliance and how to create it. What is a Culture of Compliance? Culture is defined as “the set […]
There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.
Having the right controls in place is critical for an organization to protect its systems and safeguard its clients’ data. Identifying, designing, and implementing an appropriate set of controls is quite an accomplishment for most young companies. If you have implemented controls within your organization to maintain security, the next question to ask is: How […]
Is your organization growing and are your clients asking if you have specific certifications? You are not alone. Many small businesses or start-ups with incredible products or services have found themselves in the same situation. The SOC 2 compliance status of a cloud service provider or Software-as-a-Service (SaaS) company is an important factor when choosing […]
A request for proposal has just come out that is in your company’s wheelhouse but instead of only requiring HIPAA and SOC 2, the proposal suggests that those who are HITRUST compliant either receive more consideration or may be the only proposals considered at all. What happens now? Are you prepared? Do you know what […]
With an ever-changing landscape of security threats and available tools and resources, it is important for organizations to periodically evaluate their security maturity and seek to make improvements to maintain a well-balanced security posture. Throughout this blog, we will explore the concept of the capability maturity model with a focus on security maturity in an […]
As the sophistication and volume of mobile security threats increase, mobile device users and mobile application developers need to be vigilant and stay on top of emerging mobile security threats in order to protect their sensitive data and reputation. This blog delves into some common mobile security threats and what actions may be taken to […]
An audit is intended to build trust, decrease risk and encourage efficiency in business practices. While these traits are important for all businesses, they are critical for entities within the healthcare industry. No company is immune to risk, but those in the healthcare industry have a higher inherent risk based on the types of data […]
The cloud computing on-demand model of compute power, database, storage, applications, and other IT resources accomplishes a variety of tasks. It reduces barriers, creates flexibility, and increases speed to market. The benefits of the cloud mean that organizations must seriously consider the cloud to perform business. Whether your organization is new to the cloud or […]
When deciding what kind of SOC report your service organization needs or what kind of report to request from your service organization, the options can be a little confusing. Especially when considering whether you need a SOC 2 vs a SOC 3 report. Many of our clients ask us what a SOC 3 report is, […]
