In 2013, the Committee of Sponsoring Organizations of the Treadway Commission, better known as COSO, enhanced their internal control framework that has been widely adopted globally by a large number of organizations. This internal control framework is made up of five COSO components and 17 COSO principles that is used by many organizations to comply […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits […]
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
Over the last decade, blockchain security and how it affects cybersecurity has become a hot topic among the information technology and financial circuits. But as with all technology, one must ask how safe it is to use. The most common form of blockchain implementation is known as Bitcoin. Bitcoin has since become one of many […]
You have poured your blood, sweat, and tears in to your startup and it is about to pay off. You are close to finalizing a deal with a new, large customer. You have worked long and hard to connect with them and demonstrate the value of your service or system. They are excited. You are […]
A simple FedRAMP definition is that FedRAMP is a government program designed to bring consistent and repeatable processes to security evaluations of cloud service offerings (CSO) for the federal government. The FedRAMP authorization process is designed to leverage a single security assessment for multiple federal agencies that would like to use the CSO. FedRAMP is […]
Imagine that your system is under attack and your customers are unable to access your system because of this disruption in service. What do you do next and how do you respond? This is where incident management comes into play. An effective incident management process and incident response plan help return your system to normal […]
Has one or more of your customers requested that you undergo a SOC 2 audit? If so you may be asking yourself, what is a SOC 2 report and how do I become SOC 2 compliant? The answers are not as straightforward as you may have hoped as no SOC 2 report is the same. […]
There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.
As the requirement to receive SOC 1 or SOC 2 reports as part of a contract, request for proposal (RFP), or security program increases as a barrier to receiving major clients, it’s important to understand who can perform these audits. This post will identify a number of questions to answer who exactly can perform SOC […]