IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.

Five AWS security tools for SOC 2 compliance

How to Simplify SOC 2 Compliance with AWS Security Tools

Amazon Web Services (AWS) is an ever-evolving cloud services platform that continues on its path to remaining the market leader in cloud infrastructure. If you use AWS services, you have an idea of what we’re talking about. However, are you sure you’re using all the AWS tools possible for SOC 2 compliance? Do you know […]

Understanding the MITRE ATT&CK Framework

The MITRE ATT&CK Framework: How Does MITRE ATT&CK Work?

If you’re an information security professional, there’s a good chance you’ve already heard about the MITRE ATT&CK framework. If it’s something you haven’t heard of, or if you haven’t found the time to dive into its vast trove of information, it’s never too late to start! The following are some of the most common questions […]

Impact of entity level controls

Entity-Level Controls: Impact On An Organization & The Audit Process

When considering controls for an organization, it may not be known that there are more than one level or type of control. To manage their business operations, organizations will have entity-level, divisional, regulatory, transaction-level, and process-specific controls to name a few. Of these controls, entity-level controls are considered to be a crucial part when: one […]

Guide to SOC audit cost

How Much Does A SOC Audit Cost?

There is one question on everyone’s mind when they learn that they need to get a SOC report for one of their clients… How much is this going to cost? Chances are, if you are reading this, then you have the same question. You may read or hear that the cost of a SOC 2 […]

SOC 2 description criteria

What are Description Criteria for a SOC 2 Report?

The description of a service organization’s system in a SOC 2 report is required to be prepared and assessed utilizing the description criteria guidance put forward by the American Institute of Certified Public Accountants (AICPA). The description criteria will be discussed in this blog to provide guidance on the factors to consider when describing a […]

Internal Audit Planning

Why Is Internal Audit Planning Critical To An Effective Audit?

The task of internal audit planning can be overwhelming and involve many individuals. Sometimes it is difficult to even know where to begin. In this article we will break down a few of the common questions when it comes to an internal audit, elaborate on the key steps to the internal audit planning phase, and […]

SOC benefits and audit value

SOC Benefits: Beyond the Value of SOC Compliance for Audits

Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.

Value of SOC for Supply Chain Reports

Is There Value in Obtaining a SOC for Supply Chain Report?

Questions are frequently being asked of organizations that provide products or services regarding the processes and controls included in their supply chain activities (the activities involved to transform a raw material or natural resource into a finished good). If your company has experienced this, you are not alone. The need for organizations to understand supply […]