IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

Guide to the HITRUST certification process

The Definitive Guide to the HITRUST Certification Process

What is HITRUST Certification? Founded in 2007, HITRUST issues certifications to businesses and organizations that are independently assessed for compliance with its Common Security Framework (CSF). An organization can obtain HITRUST certification when all the required controls are fully implemented within the scoped environment. The HITRUST CSF is designed for use by a variety of […]

AI security policy importance and insights

Enhancing Your Company’s AI Security Policy – Professional Insights

Although Artificial Intelligence (AI) has been around since the late 1950s, it has been out of the public’s attention. It wasn’t until late 2022 when Open AI released ChatGPT for public use that AI captured the public’s attention and renewed interest in the technology. Bloomberg predicts the AI market to explode from a $40 billion […]

ISO Certificate Verification

ISO Certificate Verification: Considerations & Guidance

Within this blog post, we will discuss the importance of knowing how to read an information security standard ISO certificate received from an ISO-certified entity. The knowledge gained from this blog will assist readers in determining that the certificates they obtain are valid. Receipt of a valid ISO certification certificate from a vendor or subservice […]

Guidance for Access Control Management

Access Control Management – Guidance for Audit Compliance

One of the key points of focus when it comes to security compliance is the strength of access management controls. Whether your organization is aiming for compliance with the AICPA’s SOC criteria, NIST framework, GDPR, or HIPAA certification, to name a few, access controls play a key role in the internal control environment. Throughout this […]

How will AI affect security

AI & Security: How Will It Affect Your Organization?

In today’s ever-changing digital landscape, cybersecurity is of utmost importance. As technology progresses, so does the creativity of cybercriminals. With programs like ChatGPT, people are beginning to wonder what role AI plays in cybersecurity, the threat AI poses to their IT infrastructure, and how they can stay ahead of the risk. Shall We Play A […]

Data classification

What is Data Classification? Levels, Compliance, & Standards to Follow

Data classification is the underlying focal point of many compliance standards and requirements. Identifying, categorizing, and maintaining data protection can help achieve compliance requirements, reduce legal risk, prioritize the implementation of security controls, and in turn effectively allocate resources. What Is Data Classification & Why Is it Important? Knowing what data your organization collects, uses, […]

What is a business continuity plan (BCP)?

Business Continuity Planning: Why It’s Essential for Sustainable Success

In today’s fast-paced business environment, organizations face numerous risks and uncertainties that can disrupt their normal operations. What do you do and how do you respond when a disaster hits that causes a disruption or outage of your services? From natural disasters to cyberattacks, these unforeseen events can have devastating consequences on business operations and […]

SOC 2 section 5: The unaudited section

What is Section 5 of the SOC 2? The Unaudited Section of a SOC Report

Section 5, the unaudited section, of the SOC 2 report can vary significantly between reports. It may contain a lot of details about the service organization or it may only contain a response from management for a deficiency. So what can go in this section? There are various topics that can be included that can be […]

Security Compliance

Security Compliance: Understanding the Difference Between Security Vs. Compliance

Throughout my career, I’ve listened to and participated in the debate or discussion surrounding security vs compliance. Most often it seems that those involved in the discussion feel as though they need to take one side or the other. That co-mingling the two is more of a necessary evil versus an activity that provides value […]