IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

What is a SOC 1 report?

What is a SOC 1 Report? Expert Advice You Need to Know

This article was originally published on 11/22/2017, and was updated on 12/29/2020. We frequently are asked by our clients and prospective clients, “What are SOC 1 reports and when they should be considered?” Our response is usually a question, “How does your service impact the financials of your clients?” In some cases, the prospective client […]

Cybersecurity trends

Cybersecurity Trends: Industry Trends To Watch for in 2021

There’s nothing like another significant security breach to once again remind us all that, whether we like it or not, security has to remain top of mind and a priority for businesses, organizations, and individuals alike. News of the U.S. Treasury and Commerce Depts. hack, also referred to as the active exploitation of SolarWinds software, […]

Suitable audit criteria

Defining Suitable Criteria in an Audit Engagement

When presented with the task of an audit being performed, the questions that the auditor and auditee have are: What is the objective of the audit? What is to be achieved? What is the need of the users of the output of the audit?   Identifying Suitable Criteria Every audit is an evaluation of subject […]

What are audit assertions?

What is an Assertion? How Audit Assertions Relate to SOC Reports

The Oxford dictionary defines an assertion as “a confident and forceful statement of fact or belief.” Making an assertion is often used synonymously with stating an opinion or making a claim. While assertions are made in all aspects of life, most people think of a company’s financial statements or the financial statements audit when they think of assertions in an accounting or business setting.

HIPAA Security Rule Requirements

HIPAA Security Rule Requirements & Implementation Specifications

Compliance with the requirements of the HIPAA Security Rule starts with understanding how it is constructed. The HIPAA Security Rule is part of the overall HIPAA Privacy and Security Rule and consists of standards and implementation specifications. Per HIPAA Security Safeguards: Each Security Rule standard is a requirement: a covered entity must comply with all […]

Deconstructing SSAE 18/SOC 1/SOC 2 (formerly SAS 70)

Deconstructing SSAE 18/SOC 1/SOC 2 (formerly known as SAS 70 / SSAE 16) Audit Reports

Many U.S. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors. These reports come out once a year, typically in the late Fall. While most organizations do a good job of recognizing the need to request these reports, often they are not properly reviewed and evaluated when received. So, what do you do with the report once it has been received other than give it the internal and external auditors?

SOC report guide

SOC Audit Report Overview: The Definitive Guide

A SOC (System and Organization Controls) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.