IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

The DoD CMMC: What You Need to Know

On December 31, 2017, compliance with the Defense Federal Acquisition Regulation Supplement (DFARS) clause 252.204-7012 (Revised Oct 21, 2016), Safeguarding Covered Defense Information and Cyber Incident Reporting, became mandatory for all contractors (and subcontractors). Since then, the Department of Defense (DoD) has been striving to improve the security within the defense industrial base, or DIB. […]

Guide to VPN Encryption Protocols: How Does Encryption Work?

In today’s digital world and with many individuals working remotely and executing transactions over the internet, you may wonder how secure your connection is and if your information and that of your employer remain private. Unscrupulous individuals want your private data and your company’s data. Nonpublic data is valuable and if it can be sold […]

Understanding Compliance Automation Tools: Can You Automate SOC 2 Compliance?

The concept of continuous compliance monitoring has been around for many years. Continuous compliance monitoring can be stronger than traditional snapshot-in-time audits. Most traditional audits happen annually, and auditors take point-in-time evidence as well as evidence samples to gain assurance that controls were in place over time. When auditors select samples, even the […]

Security Awareness Training: Implementing End-User Information Security Awareness Training

Exposing employees to the security threats that exploit businesses, seemingly weekly these days, can help companies protect themselves against those threats. This blog will present the importance of security training, options, and resources, and the frequency that training should be provided. What is Security Awareness Training? Security awareness training is the process of providing information […]

Detective Controls & Their Impact on the Overall Control Structure

Every organization should design a control structure to identify and address risks related to internal and external forces that impact an organization. This control structure includes four main types of Internal Controls:

- Manual Controls
- IT Dependent Manual Controls
- Application Controls
- IT General Controls

Preventive and Detective controls can be found within each of these four […]