The ten generally accepted privacy principles that are essential to the proper protection and management of personal information are:
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
What is Processing Integrity and Who Needs it in their SOC 2?
There are five trust services criteria that can be included in a SOC 2 report: security, availability, processing integrity, confidentiality, and privacy (see definitions from the AICPA below). Only one of the five criteria is required in the SOC 2 — security. The other four trust services criteria are optional, and we get many […]
HIPAA Record Retention Requirements: How Long Should We Retain ePHI Data?
One of the areas we are required to evaluate on every HIPAA audit or compliance assessment is whether our client is compliant with HIPAA’s record retention requirements.
Can You Assess & Manage Your Organizational Risk?
Risk management is a basic component of everything we do. Subconsciously, we assess and manage risk with each decision we make—from getting up in the morning to going back to sleep. So, in a way, most of us are already seasoned risk managers. Yet many find organizational risk management to be an overwhelming task. Managing […]
Is the Cloud Safe?
More and more companies are popping up that require their consumers to insert sensitive information into a cloud for safekeeping, but is the cloud actually safe? This article will address that question and provide consumers some insight into steps they can take and what to look for to help ensure that their information is […]
Reporting on an Entity’s Cybersecurity Risk Management Program and Controls (SOC for Cybersecurity)
The AICPA has recently developed a cybersecurity risk management reporting framework that is being added to the suite of System and Organization Controls (SOC) report offerings. This framework will assist organizations in communicating relevant and useful information about their cybersecurity risk management program. Companies need to be able to evidence that they can manage cybersecurity […]
Climbing to the Top: Understanding Major Cloud Service Providers
The number of companies utilizing cloud service providers (CSPs) that provide Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) is on the rise, making it important for consumers to understand the services—including the benefits—of what they are purchasing in order to maximize their return on investment. […]
What is a Third Party Administrator (TPA) Audit?
A Third Party Administrator (TPA) is a service organization that provides a variety of services to the insurance industry in accordance with a service agreement.
How Is Your (Cyber) Hygiene?
When most people think of hygiene, I would venture to say that technology or computer systems are not part of the mental picture. There are interesting parallels, however, between what we think of as “normal” hygiene and cyber hygiene.
What Period Is Covered In A Type II SOC Examination?
A Type II SOC 1 (formerly SSAE 16) or SOC 2 report (versus a Type I) is the most useful for a service organization to provide to a client. Most reports cover a 12-month period, but the period can be as short as six months.