The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
An integrated audit incorporates the review of internal controls into the overall audit of the financial statements, which is now a requirement for public companies. Since the Sarbanes-Oxley Act came into effect, management is responsible for establishing, maintaining and reporting on an internal control structure and procedures for financial reporting, and auditors are required to asses this internal control structure.
The Public Company Accounting Oversight Board (PCAOB) is a regulatory board reporting to the SEC who oversees the audits of public companies. Congress created the PCAOB in 2002 with the Sarbanes-Oxley Act (SOX) in response to a series of accounting scandals, notably Enron and Worldcom, to tighten controls on the auditing industry.
If you’re already following HIPAA compliance-related news, you’re probably already familiar with the “Wall of Shame.” If you’re just getting started, read on. The HIPAA Breach Notification Rule requires Covered Entities and Business Associates to report breaches of protected health information (PHI) to the U. S. Department of Health and Human Services (HHS).
The trust services criteria applicable to a SOC 2 privacy audit covering the privacy criteria applies only to personal information such as health records, payment card information, or other personally identifiable information (PII). This is different than for the confidentiality criteria which applies to various types of sensitive information such as customer lists, product specifications, […]
Incident Response Plans (IRP) are an extremely important element of dealing with security incidents. Traditionally, an IRP has been when an organization creates a scenario on paper and performs a walkthrough of the incident with key members of the incident response team to determine whether everyone understands what to do in the event an incident […]
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.
Data security refers to the controls implemented by a company to protect its data from unauthorized access and corruption. A good control environment around data security isn’t built on trust, it’s built on controls that are operating effectively allowing verification and adequate oversight. The implementation of mature data security protocol and measures by which individuals […]
Clients will often ask why we complexify certain types of audit procedures.
The Federal Risk and Authorization Management Program (FedRAMP) is a federal program focused on providing a consistent process for evaluating the security of commercial cloud service providers (CSP) that seek to provide services to the federal government. The FedRAMP process involves five primary entities but depending on the path a CSP takes to achieve an […]
What are SOC services in relation to service organization control audits? SOC services, in this context, refers to System and Organization Controls (SOC) and the suite of services CPA firms provide for auditing these controls at a service organization. These audits are referred to as SOC audits. There are several different kinds of SOC audits […]
