IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, HITRUST and FedRAMP assessments.

RPA audit process

Robotic Process Automation (RPA) Audit Process Guide & Impacts

RPA is the automation of digital processes in which a software robot takes over the human actions in any software. The technology simplifies the build, deployment, and management of software robots that emulate human actions interacting with digital systems and software. In this article, we will outline the use of RPA and the impacts on […]

PHI vs PII vs PCI

PII, PHI, PCI: Understanding the Differences for Compliance

Personal Identifying Information (PII), Payment Card Industry (PCI) information, and Protected Health Information (PHI) are all information requiring heightened controls to protect the owning person from exploitation. This year alone has seen significant breaches of personal data from Aon (insurance provider), MCG Health (health management system), and Block (cash application/payment processor), impacting roughly 9 million […]

Fraud risk assessment and COSO principle 8

Considerations for Fraud Risk Assessment: COSO Principle 8

The Committee of Sponsoring Organizations of the Treadway Commission (COSO) 2013 internal control framework includes five COSO components and 17 COSO principles and is part of the common criteria included in a SOC 2 assessment. The five COSO components include the following: Control Environment, Risk Assessment, Control Activities, Information and Communication, and Monitoring Activities. For […]

Operating System Hardening & Benefits

Operating System Hardening: Benefits, Importance, & Other Considerations

In the following paragraphs we’ll discuss what hardening means, the benefits and disadvantages it brings, and where to begin in the process of securing an operating system. Let’s first understand what the hardening process is. The concept of hardening, in relation to computing, is when the system is made more secure through the use of […]

PCI & SOC 2 audit requirements

PCI and SOC 2 Audit Requirements: Combining PCI & SOC 2 Audits

Clients often ask me if policies and processes put in place for the Payment Card Industry Data Security Standard (PCI DSS) compliance can be used to pass their Service Organization Control (SOC) 2 audit. While some overlap exists between the security procedures required to “pass” your PCI and SOC 2 audits, the biggest difference between […]