"*" indicates required fields
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
Organizations flourish when they establish environments that foster the efficient execution of operations. Internal controls should help organizations deliver value to their stakeholders and achieve their strategic objectives while aligning with industry best practices, laws, and regulations to manage risks facing them. What Is the Control Environment of a Company? The Institute of Internal Auditors control environment definition states that the […]
Healthcare providers, payers, exchanges, and many service providers to the healthcare industry are under increased pressure to demonstrate their compliance with the security and privacy requirements of HIPAA.
Some people may not believe this, but information security’s purpose is, or should be, to serve the business and help the company understand and manage its overall risk. Sure, there are some security professionals that appear to have the goal of spending as much money as possible and getting the latest and greatest software, and there are also some that like to say “no”…for everything…all the time, but the good ones are there to help.
A FedRAMP Readiness Assessment is an opportunity for Cloud Service Providers (CSP) targeting government clients to demonstrate that they are ready to begin the FedRAMP process in earnest. With the end goal being a Provisional ATO (P-ATO) from the Joint Authorization Board (JAB) or an ATO granted by a Federal Agency, CSPs, through the […]
The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization.
According to ISACA’s State of Cyber Security 2019, 72% of organizations have a chief information security officer (CISO). Also, in that study, only 55% of organizations have an increasing security budget. For many small and mid-sized organizations, budgets are already tight, and hiring a full-time CISO may seem like a luxury. So how does an […]
The first step in conducting a HIPAA security compliance audit is to “take inventory” of the electronic protected health information (ePHI) environment.
Have you ever thought about what you would do if someone obtained access to all the information you stored electronically?
The SOC 2 Privacy criteria is one of the AICPA’s five Trust Services Criteria that may be included in a System and Organization Control (SOC) report that a service organization provides to its user entities. On the other hand, the General Data Protection Regulation (GDPR) is an enforceable legislative act in place to protect the […]
Throughout 2018 and 2019, the OCR has identified the failure to conduct and adequate risk assessment as a key finding in nearly half of their settlements. Making it the largest single source of identified HIPAA violations. Many organizations undergo some level of third party reporting on their compliance with the HIPAA security rule. Generally these […]
