A SOC (System and Organization Controls) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.

Determining materiality in an attestation audit can be challenging when the scope of the audit cannot be quantitatively measured. As stated in an AICPA Discussion Paper, “When providing assurance services, it’s important that practitioners understand what information will most significantly impact stakeholders’ decision-making process, which is central to a practitioner’s consideration of engagement materiality.” In […]

“Why wash your hands?” “How to Protect yourself and others.” These are headlines that I recently ran across while browsing daily news updates. For months, we’ve been bombarded with advice and guidance on how to stay healthy during the COVID-19 pandemic. While the guidance may vary, the topic of handwashing and avoiding hand contact (i.e. […]

In the world of accounting and audit services, assurance, attest, and audit play key roles. The question often arises: What is audit assurance? What is the difference between these three terms? How do they relate or complement each other? A definition check with Merriam-Webster provides the following: Assurance: the state of being assured: such as […]

Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.

Exposing employees to the security threats that exploit businesses, seemingly weekly these days, can help companies protect themselves against those threats. This blog will present the importance of security training, options, and resources, and the frequency that training should be provided. What is Security Awareness Training? Security awareness training is the process of providing information […]

There was a time when gold was what the thief was after. But reading the newspaper today rarely provides a story in which a train was robbed just for the gold. Today’s thief is after data – personal information. But today’s target isn’t too different from the gold target of a century ago. Both represent […]

Throughout my career, I’ve listened to and participated in the debate or discussion surrounding security vs compliance. Most often it seems that those involved in the discussion feel as though they need to take one side or the other. That co-mingling the two is more of a necessary evil versus an activity that provides value […]

Every organization should design a control structure to identify and address risks related to internal and external forces that impact an organization.  This control structure includes four main types of Internal Controls: Manual Controls IT Dependent Manual Controls Application Controls IT General Controls Preventive and Detective controls can be found within each of these four […]

Cybersecurity is a serious concern for the management and board members of organizations around the world. Consequently, service providers are being faced with increasing scrutiny and pressure to prove that they have taken appropriate measures to protect their systems, the client data that they process or store, and the systems and entities who use or […]