PCI Compliance deals with the Payment Card Industry (PCI). If your entity is a merchant that is involved in processing payment card transactions, then the standards apply to your entity and your entity should be compliant with the PCI Data Security Standard (DSS) in order to protect cardholder data. While the PCI DSS is not […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
Many users are unsure as to the difference between a SOC 2 (System and Organization Control) report and PCI DSS (Payment Card Industry Data Security Standard) compliance. While the two may have overlapping areas of focus, they are quite different. The main difference between the two is that PCI is specific to businesses that accept […]
Containers and the concept of containerization has been growing rapidly over the past few years, and many organizations are struggling to keep up with the new technology and keeping their systems secure. If you and your organization are considering trying to use or moving to containers, many of your current security processes and procedures will […]
An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to asses this internal control structure.
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry.
This blog post is meant to provide details on patch management including the importance of a documented patch management process, how to implement the process successfully, and some common issues and roadblocks to avoid when doing so. What is a Patch and Why is Patching Important? A patch is a piece of code that is […]
If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS).
If you were asked what every company or organization has in common; what would you say? Well, there are many potential answers, but one thing is for certain — all companies/organizations are at risk for insider threats in cyber security. There is a lot of attention in the media about companies being hacked by external […]
The trust services criteria applicable to a SOC 2 privacy audit covering the privacy criteria applies only to personal information such as health records, payment card information, or other personally identifiable information (PII). This is different than for the confidentiality criteria which applies to various types of sensitive information such as customer lists, product specifications, […]
Service organizations often ask our firm if they have to give out their SOC 1 (formerly SSAE 16) or SOC 2 report to user organizations or prospective user organizations