IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

SOC audit scope considerations

Audit Scope Considerations: Systems, Services, & Period Covered by Your SOC Assessment

Defining the scope of a SOC (System and Organization Controls) assessment is often the starting point for any meaningful audit preparation. The scope is critical because it determines which systems, services, and periods will be evaluated, impacting the value and usefulness of the SOC audit report to stakeholders. In this article, we’ll walk through essential […]

Internal vs. External Audits

Internal vs External Audit: What You Need To Know

Internal and external audits, while sharing some common elements, serve distinct purposes in an organization. In this blog, we will explain the key characteristics of each type of audit and examine how they overlap, as well as where they differ, to provide a greater understanding for our readers. What is An Internal Audit? An internal […]

Updated NIST password guidelines for 2024

Understanding the New NIST Password Guidelines for 2024

Passwords have always been a hot topic of discussion both in and out of security circles. Users have always hated being forced to come up with schemes to meet the complexity rules or change their passwords at defined intervals. The multitude of password requirements of the past has frustrated users and has led to bad […]
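As an added example (not code from the original post), the script below puts a typical legacy composition-and-rotation policy next to checks modelled on NIST SP 800-63B, which has not required character classes or periodic changes since 2017 and carries that forward in the 2024 draft revision. The blocklist, context words and sample passwords are constructed for the example; a real deployment would load a breach-derived list instead.

```python
"""Password acceptance rules modelled on NIST SP 800-63B.

Added example, not code from the original post.  It places a legacy
composition policy next to checks that follow SP 800-63B: a length floor,
a generous length ceiling, no character-class rules, no forced rotation,
and a comparison against a blocklist of compromised or predictable values.
The blocklist and sample inputs are constructed for the example.
"""
import re
import unicodedata

DIGITS = "0123456789"
LETTERS = "abcdefghijklmnopqrstuvwxyz"

# Constructed sample blocklist (case-folded); real lists run to millions of entries.
BLOCKLIST = {p.casefold() for p in ("password", "p@ssw0rd1", "welcome1", "qwerty123", "letmein")}


def legacy_policy(pw: str) -> list[str]:
    """Pre-NIST style rules: 8-16 characters and one of each character class."""
    problems = []
    if not 8 <= len(pw) <= 16:
        problems.append("length must be 8-16")
    if not re.search(r"[A-Z]", pw):
        problems.append("needs an uppercase letter")
    if not re.search(r"[a-z]", pw):
        problems.append("needs a lowercase letter")
    if not re.search(r"[0-9]", pw):
        problems.append("needs a digit")
    if not re.search(r"[^A-Za-z0-9\s]", pw):
        problems.append("needs a symbol")
    return problems


def nist_policy(pw: str, *, min_len: int = 8, max_len: int = 64,
                context: tuple[str, ...] = ()) -> list[str]:
    """Checks in the spirit of SP 800-63B section 5.1.1.2.

    - SHALL be at least 8 characters (the 2024 draft recommends 15 for
      password-only authentication; raise min_len to get that);
    - verifiers SHOULD accept at least 64 characters, all printing ASCII,
      space and Unicode, and SHOULD normalize (NFKC/NFKD) before comparing;
    - SHALL reject values on a blocklist: breach corpora, dictionary words,
      repetitive or sequential strings, and context-specific words such as
      the username or the service name;
    - SHALL NOT impose other composition rules or periodic rotation, so
      nothing below looks at character classes.
    """
    pw = unicodedata.normalize("NFKC", pw)
    folded = pw.casefold()
    problems = []
    if len(pw) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if len(pw) > max_len:
        problems.append(f"longer than {max_len} characters")  # reject, never silently truncate
    if folded in BLOCKLIST:
        problems.append("appears on the compromised-password blocklist")
    if len(set(folded)) == 1 or folded in DIGITS * 2 or folded in LETTERS * 2:
        problems.append("repetitive or sequential characters")
    for term in context:
        if term and term.casefold() in folded:
            problems.append(f"contains context-specific word {term!r}")
    return problems


if __name__ == "__main__":
    # Constructed samples: the passphrase fails every legacy rule but is fine
    # under NIST; the "complex" password passes legacy rules and is blocklisted.
    for sample in ("correct horse battery staple", "P@ssw0rd1"):
        print(f"{sample!r}: legacy={legacy_policy(sample)} nist={nist_policy(sample)}")
```

The order of the checks matters in practice: normalize first so that length is counted in code points rather than bytes and so that visually identical inputs fold to the same blocklist entry, and treat an over-length password as a rejection rather than truncating it, since silent truncation weakens a secret the user believes is long.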

A closer look at intrusion detection and prevention systems (IDPS)

What Are Intrusion Detection & Prevention Systems (IDPS) & How Do They Work?

Organizations continue to face an ever-growing number of cybersecurity threats. As threats become more sophisticated and advanced, it is critical to protect the network and sensitive data. Two tools that can aid in safeguarding your network and data are an Intrusion Detection System (IDS) and an Intrusion Prevention System (IPS). They both play important roles […]
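To make the IDS/IPS distinction concrete, here is an added example (not code from the original post) of a minimal signature- and rate-based engine run twice over the same constructed log records: once as a passive IDS that can only alert, and once as an inline IPS that drops the offending request. The signature IDs, log format, thresholds and IP addresses are all made up for the example.

```python
"""Minimal signature- and rate-based intrusion detection / prevention engine.

Added example, not code from the original post.  The same rules run in
"ids" mode (passive: the sensor sees a copy of the traffic and can only
alert) and in "ips" mode (inline: the sensor can drop a request before it
reaches the server).  Signature IDs, log format and addresses are constructed.
"""
from __future__ import annotations

import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime
from urllib.parse import unquote

# (signature id, description, pattern applied to the URL-decoded request target)
SIGNATURES = [
    ("SQLI-001", "SQL tautology in parameter", re.compile(r"(?i)'\s*or\s*'1'\s*=\s*'1")),
    ("TRAV-001", "directory traversal", re.compile(r"\.\./")),
]
FAIL_THRESHOLD = 5    # failed logins from one source ...
WINDOW_SECONDS = 60   # ... within this window trips the rate rule

# Constructed records: "<timestamp> <src> <method> <target> <status>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 GET /index.html 200
2024-05-01T10:00:01 203.0.113.5 GET /search?q=shoes 200
2024-05-01T10:00:02 203.0.113.5 GET /item?id=1'%20OR%20'1'='1 200
2024-05-01T10:00:03 203.0.113.5 GET /static/../../etc/passwd 404
2024-05-01T10:00:10 203.0.113.9 POST /login 401
2024-05-01T10:00:11 203.0.113.9 POST /login 401
2024-05-01T10:00:12 203.0.113.9 POST /login 401
2024-05-01T10:00:13 203.0.113.9 POST /login 401
2024-05-01T10:00:14 203.0.113.9 POST /login 401
2024-05-01T10:00:15 203.0.113.9 POST /login 401
2024-05-01T10:00:16 198.51.100.7 GET /about.html 200
""".splitlines()


@dataclass(frozen=True)
class Alert:
    sig_id: str
    src: str
    detail: str
    action: str  # "alert" (IDS: traffic passed) or "drop" (IPS: request blocked)


class Sensor:
    def __init__(self, mode: str) -> None:
        if mode not in ("ids", "ips"):
            raise ValueError("mode must be 'ids' or 'ips'")
        self.mode = mode
        self.alerts: list[Alert] = []
        self.forwarded = 0
        self._failures: dict[str, deque] = defaultdict(deque)

    def _raise(self, sig_id: str, src: str, detail: str) -> bool:
        """Record an alert; return True if the request may still be forwarded."""
        action = "drop" if self.mode == "ips" else "alert"
        self.alerts.append(Alert(sig_id, src, detail, action))
        return action == "alert"

    def process(self, line: str) -> bool:
        """Inspect one record; return whether it was forwarded to the server."""
        ts_s, src, _method, target, status = line.split()
        ts = datetime.fromisoformat(ts_s)
        decoded = unquote(target)  # normalize first so %27 and ' hit the same rule
        forward = True
        for sig_id, desc, pattern in SIGNATURES:
            if pattern.search(decoded):
                forward = self._raise(sig_id, src, f"{desc}: {decoded}") and forward
        # Rate rule, evaluated against failures already seen from this source.
        window = self._failures[src]
        while window and (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= FAIL_THRESHOLD:
            forward = self._raise("BRUTE-001", src,
                                  f"{len(window)} failed logins in {WINDOW_SECONDS}s") and forward
        if forward:
            self.forwarded += 1
            if status == "401" and decoded.startswith("/login"):
                window.append(ts)
        return forward


def run(lines: list[str], mode: str) -> Sensor:
    sensor = Sensor(mode)
    for line in lines:
        sensor.process(line)
    return sensor


if __name__ == "__main__":
    for mode in ("ids", "ips"):
        s = run(SAMPLE_LOG, mode)
        print(f"{mode}: forwarded {s.forwarded}/{len(SAMPLE_LOG)}")
        for a in s.alerts:
            print(f"  {a.sig_id} {a.action} {a.src}: {a.detail}")
```

Both modes raise the same three alerts; the difference is that in IDS mode all eleven records reach the server while in IPS mode three are dropped. Two details carry over to real deployments: decode and normalize before matching, because an encoded payload that slips past a byte-for-byte signature is the classic IDS evasion, and evaluate rate rules against history so that the blocking decision is made on the request that crosses the threshold rather than after the fact.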

SSDF attestation for secure software development

Software Supply Chain Security & the Secure Software Development Attestation Form

On March 11, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) introduced a new form for secure software development attestations. After working closely with various industry groups, the agencies released a standard form to ensure that software companies working with the federal government use basic secure development methods […]

Role-based access control (RBAC)

Role-Based Access Control (RBAC): A Key to Streamlined Access Management

I was recently working with an organization where I saw firsthand how complicated access management can become without a proper role-based access control (RBAC) method. The organization had been assigning granular permissions to users in a very manual way. When a new employee was onboarded, they would often clone the permissions of a similar […]
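As an added example (not code from the original post or the organization it describes), the module below contrasts the two onboarding paths the excerpt mentions, cloning a similar user versus assigning a role, and adds the audit that makes the difference visible: a list of per-user grants that no role accounts for. Role, permission and user names are made up for the example.

```python
"""Role-based access control with a permission-drift audit.

Added example, not code from the original post.  Onboarding by role gives a
new user exactly the role's permissions; onboarding by cloning another user
copies whatever one-off grants that user has accumulated.  audit_drift()
reports those one-off grants so they can be folded into a role or revoked.
Role, permission and user names are constructed for the example.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset[str]
    parents: tuple[str, ...] = ()  # hierarchical RBAC: inherits parents' permissions


class Rbac:
    def __init__(self) -> None:
        self.roles: dict[str, Role] = {}
        self.user_roles: dict[str, set[str]] = {}
        # Legacy per-user grants that predate the role model; the goal is to
        # drain this table, and the audit shows what is still in it.
        self.direct_grants: dict[str, set[str]] = {}

    def add_role(self, name: str, permissions: set[str], parents: tuple[str, ...] = ()) -> None:
        for p in parents:
            if p not in self.roles:
                raise KeyError(f"unknown parent role {p!r}")
        self.roles[name] = Role(name, frozenset(permissions), parents)

    def assign_role(self, user: str, role: str) -> None:
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)
        self.direct_grants.setdefault(user, set())

    def grant_directly(self, user: str, permission: str) -> None:
        """The manual path: a one-off permission tied to a person, not a role."""
        self.user_roles.setdefault(user, set())
        self.direct_grants.setdefault(user, set()).add(permission)

    def clone_user(self, template: str, new_user: str) -> None:
        """The anti-pattern from the post: copy everything the template user
        has, including one-off grants nobody remembers the reason for."""
        self.user_roles[new_user] = set(self.user_roles.get(template, set()))
        self.direct_grants[new_user] = set(self.direct_grants.get(template, set()))

    def role_permissions(self, role: str) -> frozenset[str]:
        """Permissions of a role including everything inherited from parents."""
        seen: set[str] = set()
        perms: set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue  # also guards against an accidental cycle in parents
            seen.add(r)
            perms |= self.roles[r].permissions
            stack.extend(self.roles[r].parents)
        return frozenset(perms)

    def role_based_permissions(self, user: str) -> frozenset[str]:
        perms: set[str] = set()
        for r in self.user_roles.get(user, set()):
            perms |= self.role_permissions(r)
        return frozenset(perms)

    def authorize(self, user: str, permission: str) -> bool:
        """Deny by default: allowed only if a role or a direct grant says so."""
        return (permission in self.role_based_permissions(user)
                or permission in self.direct_grants.get(user, set()))

    def audit_drift(self) -> dict[str, set[str]]:
        """Direct grants not explained by the user's roles."""
        drift: dict[str, set[str]] = {}
        for user, grants in self.direct_grants.items():
            extra = grants - self.role_based_permissions(user)
            if extra:
                drift[user] = extra
        return drift


def build_demo() -> Rbac:
    """Constructed scenario: a small role hierarchy plus one leftover grant."""
    rbac = Rbac()
    rbac.add_role("employee", {"email:read", "wiki:read"})
    rbac.add_role("engineer", {"repo:read", "repo:write", "ci:run"}, parents=("employee",))
    rbac.add_role("eng_lead", {"repo:admin"}, parents=("engineer",))
    rbac.add_role("finance", {"ledger:read", "payroll:approve"}, parents=("employee",))
    rbac.assign_role("alice", "eng_lead")
    rbac.assign_role("bob", "engineer")
    rbac.grant_directly("bob", "payroll:approve")  # leftover from covering for finance once
    rbac.assign_role("carol", "engineer")          # onboarded by role
    rbac.clone_user("bob", "dave")                 # onboarded by cloning bob
    return rbac
```

Running `build_demo().audit_drift()` reports both bob and dave holding `payroll:approve` outside any role, while carol, onboarded by role, has exactly the engineer permissions. The audit is the piece worth scheduling: a role model only stays meaningful if direct grants are reviewed and either promoted into a role or revoked.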

FedRAMP authorizations

FedRAMP Authorizations – New Paths & Looking to the Future

On July 25, 2024, the White House Office of Management and Budget (OMB) released M-24-15, “Modernizing the Federal Risk and Authorization Management Program (FedRAMP)” which outlined four strategic goals, one of which related to FedRAMP authorizations: “Rapidly increase the size of the FedRAMP Marketplace by evolving and offering additional FedRAMP Authorization Paths.” As part of […]

Importance of the New AICPA Quality Management Standards

AICPA Quality Management Standard (SQMS) No. 1 (and Why You Should Care)

The AICPA Auditing Standards Board issued Statement on Quality Management Standards (SQMS) No. 1, A Firm's System of Quality Management, in June 2022 for CPA firms having an accounting or auditing practice, with an effective date of December 15, 2025. SQMS No. 1 supersedes Statement on Quality Control Standards No. 8, A Firm's System of Quality Control. As a reader of […]

PII vs PHI vs PCI: Key Differences and Compliance Strategies

PII, PHI, PCI: Understanding the Differences for Compliance

Personally Identifiable Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the individual the data describes from exploitation. In 2024, several high-profile data breaches exposed sensitive information, highlighting the ongoing struggle to protect PII, PCI, and PHI. In March, AT&T was breached, compromising data from 7.6 […]