There are five Trust Service Principles (TSPs) that can be included in the scope of a SOC 2 examination.
IT Audit & Compliance Blog
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 reports, SOC 2 reports, HIPAA reports, Royalty audits, HITRUST and FedRAMP assessments.
What Is Attestation?
The definition of attestation is to affirm to be correct. In accounting, an attestation engagement is the process of providing an opinion on published financial and other business information of a business, public agency or other organization.
Virtual CISO: What Is it? Services, Responsibilities, & Cost
According to ISACA’s State of Cyber Security 2019, 72% of organizations have a chief information security officer (CISO). Also, in that study, only 55% of organizations have an increasing security budget. For many small and mid-sized organizations, budgets are already tight, and hiring a full-time CISO may seem like a luxury. So how does an […]
What is the Scope of HIPAA Compliance?
The first step in conducting a HIPAA security compliance audit is to “take inventory” of the electronic protected health information (ePHI) environment.
Data Encryption: Use It or Lose It (Your Data)
Have you ever thought about what you would do if someone obtained access to all the information you stored electronically?
SOC 2 Privacy vs. GDPR: Personal Data Audit Considerations & Compliance
The SOC 2 Privacy criteria is one of the AICPA’s five Trust Services Criteria that may be included in a System and Organization Control (SOC) report that a service organization provides to its user entities. On the other hand, the General Data Protection Regulation (GDPR) is an enforceable legislative act in place to protect the […]
The Cloud Security Alliance (CSA) and the AICPA
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
Five Types of Testing Methods Used During Audit Procedures
Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]
HIPAA Authorization: Requirements & Consent to Disclose PHI Under the HIPAA Privacy Rule
The Privacy Rule protects most individually identifiable health information held or transmitted by a covered entity or its business associate in any form or media, whether electronic, paper or oral.
Mobile Device Management (MDM): Securing Your Mobile Workforce
Benefits and risks of a mobile workforce and strategies to help mitigate associated risks. Shopping for a mobile device management solution for your organization or simply considering bring your own device (BYOD)? Well, we all know the convenience and benefits regarding the use of mobile devices in an organization, some of which include: increased productivity […]