IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

Disaster recovery (DR) testing

Disaster Recovery (DR) Testing: Getting the Most From Your Tabletop Exercise

Many organizations do a tabletop test each year of their Incident Response (IR) or Business Continuity/Disaster Recovery (BC/DR) plan to evaluate its effectiveness and make sure it’s current. While tabletop is generally the weakest form of testing and has some significant limitations, there are some things that can be done to make it a better […]

The Sarbanes-Oxley Act (SOX) explained by Linford & Co.

What Is The Sarbanes-Oxley Act?

Sarbanes-Oxley (SOX) is an act originally signed into law in 2002. The act is named after Senator Paul Sarbanes and Representative Michael Oxley, who were the main architects of the act.

Continuous monitoring data security | Linford & Co

Continuous Monitoring Introduction

The National Institute of Standards and Technology (NIST) defined their Risk Management Framework (RMF) in Special Publication (SP) 800-37.

An auditor's perspective on the global CrowdStrike outage

CrowdStrike Outage: Lessons Learned in Controls & Resiliency

The recent CrowdStrike outage, which caused widespread system crashes and disruptions, served as an important reminder of the interconnectedness and fragility of our world as it relates to technology. While the incident was disruptive and many of our clients can attest to the headaches it caused, it also provided valuable insight into how organizations can […]

SOC 2 vendor management

SOC 2 Vendor Management: Managing Key Vendors as Part of SOC 2 Compliance

In today’s day and age, most organizations rely on vendors for portions of the services they provide or to assist with the security and integrity of their technology and data. Managing the relationships with these vendors is important, in addition to monitoring the ongoing performance of the services provided by these vendors. When pursuing a […]

A guide to regulatory compliance

Navigating Regulatory Compliance – An Auditor’s Insights

With no shortage of regulations around data security and privacy, it’s no wonder that determining which regulations must be complied with and whether your company has compliance gaps can be a daunting task. Regulatory compliance is mandatory, but can be overwhelming. Where should you start? Perform a risk assessment. Risk assessments are valuable tools for […]

BYOD policy guidance Linford & Co.

Key Considerations for Implementing a Bring Your Own Device (BYOD) Program

In a post-COVID-shutdown world, hybrid and remote work has skyrocketed. Employee usage of personal devices, such as smartphones and tablets, for company work is now commonplace and expected by employees. In many instances, employees can take advantage of the functionality of new smartphones to increase efficiency and productivity. Employees are happy because they get to […]

Risk mitigation in patching

Navigating the Risks of Patch Management: Security & Stability in IT Systems

In the quickly evolving landscape of technology, maintaining the security and functionality of physical servers is imperative. Patch management is a critical component of this maintenance that involves updating server software to fix vulnerabilities, improve performance, and ensure compatibility with other systems. Despite its importance, patch management is often fraught with risks that, if not […]