IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

Blockchain risks for SOC assessments

Risks of Blockchain on Service Organization Control (SOC) Assessments

Blockchain technology is changing the way businesses around the world operate and provide services. Blockchain is currently most known for its association with cryptocurrencies, most notably, Bitcoin. The use of blockchain extends beyond cryptocurrencies as use cases flourish and major companies invest in blockchain technology. With new integrations and solutions in development, blockchain will disrupt […]

Client acceptance for SOC 2 audits

Client Acceptance: Procedures and Auditor Considerations for Approval

Service organization management and the service auditor each have specific responsibilities in a SOC 2 examination. This blog describes the service auditor’s responsibilities, including the preconditions of engagement acceptance and the importance of understanding the terms of the engagement with management. If you are a service organization looking for a new service auditor, client acceptance […]

SOC 2 security incident reporting

SOC Incident Reporting: What are SOC 2 Security Reporting Requirements?

Over the last year, the world saw a number of major security breaches in the news. Some notable ones include the SolarWinds attack, Colonial Pipeline Hack, and JBS U.S. Beef plant attack. Unfortunately, attacks are nothing new. Other major attacks over the years have included the Equifax data breach, Uber data breach, and WannaCry cyber […]

Azure SOC 2 Compliance

Leveraging the Azure SOC 2 – How to Build a SOC 2 Compliant Product or Service

Microsoft’s Azure cloud computing services are designed to facilitate its clients’ compliance with various security frameworks and standards. Companies leverage Microsoft’s compliant architecture so that certain requirements (e.g. data center physical security and environmental controls) are the responsibility of Microsoft. This is a huge advantage to small to medium-sized businesses that don’t have the resources […]

Guide to monitoring subservice organization controls

Monitoring the Effectiveness of Controls at Subservice Organizations for SOC Reports

When preparing for a SOC 1 or SOC 2 examination, service organizations, particularly those who elect to report their subservice organizations using the carve-out method, often conclude that anything related to their subservice organizations is out of scope for their own SOC report.  However, that is not the case. This blog will discuss the requirements […]

Vulnerability management programs

Vulnerability Management Program: Insights From an Auditor

Vulnerabilities exist within all technology environments. NIST has developed several definitions for vulnerabilities, including a “Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.” As time passes, software vendors, threat actors, or security researchers, will inevitably find defects or vulnerabilities in the […]

Security & Privacy: You Can’t Have Privacy Without Security

Security & Privacy: You Can’t Have Privacy Without Security

In today’s world, great importance and attention are placed on personal privacy and, importantly, privacy over an individual’s personal information and data. The highly electronically connected world and easy availability of information on the internet and through information sharing between organizations raise the concern as to how individuals’ personal information and data are protected. There […]