This article addresses the what, when, why, and who related to letters of representation for audits, specifically SOC audits. What is a Letter of Representation? A letter of representation (a.k.a., representation letter, rep. letter, LOR) in audit services is a form letter from the American Institute of Certified Public Accountants typically prepared by the external […]
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
What is Cryptojacking and How to Protect Yourself
In the cyber-security industry, the only constant, it seems, is change. The threat landscape is always shifting as cyber criminals seek new ways to exploit individuals, corporations, and nations themselves. One significant shift in the threat landscape is cryptojacking. While the impact on individuals and organizations is not as malicious as ransomware or theft or […]
SOC 2 Security Trust Services Criteria
The Trust Services Criteria (TSC) were developed by the AICPA Assurance Services Executive Committee (ASEC). The available TSCs for a SOC 2 audit include: Security (also known as common criteria). This is the only required TSC and is included to demonstrate that systems at a service organization are protected against unauthorized access and other risks […]
GDPR Compliance Checklist: Key Tasks for Organizations to Complete
Have you been receiving a number of privacy policy updates in your email from services you use? Did you wonder why all of a sudden you were getting these all at the same time? Well, it is all because of the General Data Protection Regulation (GDPR). On May 25th, the GDPR train arrived at the […]
Confidentiality Trust Services Criteria in a SOC 2
The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that are options to be included in a SOC 2 audit are the following: Security (also known as common criteria). Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could […]
A Summarized Guide to HIPAA Compliance Audits
If you hold protected health information for your clients, either in electronic (ePHI) or hard copy form (PHI), you must comply with the Health Insurance Portability and Accountability Act (HIPAA). In some cases, a client may have asked that you sign a business associate agreement or BAA. When signing a BAA, you commit to follow […]
Availability Trust Services Criteria in a SOC 2 Audit
The available Trust Services Criteria (TSC) as defined by the American Institute of Certified Public Accountants (AICPA) that can be included in a SOC 2 audit are the following: Security. Information and systems are protected against unauthorized access, unauthorized disclosure of information, and damage to systems that could compromise the availability, integrity, confidentiality, and privacy […]
Complementary User Entity Controls, Considerations, & SOC Reports
The concept of user control considerations within SOC reports has been around since SOC reports were referred to as SAS 70s, although the AICPA’s term used to describe user control considerations has changed over time. These controls are now known as complementary user entity controls (CUEC). You may also hear these controls referred to as […]
Security Procedures – How Do They Fit Into My Overall Security Documentation Library?
Last month I wrote about the importance of security policies and provided some basic principles for developing solid security policies.
Confidentiality vs. Privacy in a SOC 2
In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.