IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

How to maintain HITRUST certification

How to Maintain Your HITRUST Certification: Professional Guidance

After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]

Guide to monitoring controls at subservice organizations

Monitoring Controls at Subservice Organizations

When preparing for a SOC 1 or SOC 2 examination, service organizations, particularly those who elect to report their subservice organizations using the carve-out method, often conclude that anything related to their subservice organizations is out of scope for their own SOC report.  However, that is not the case. This blog will discuss the requirements […]

Guidance for compliance training

Compliance Training – Insights & Guidance For Your Organization

With the frequent personnel changes that many companies are experiencing right now, it’s important to consider how turnover affects companies’ compliance efforts. Almost every company is required to comply with some type of law, rule, regulation, or reporting standard.  This blog post will provide some ideas for helping to provide sufficient compliance training as part […]

Risk and controls - A guide for linking and monitoring

The Link Between Risk & Controls – Guidance for Monitoring

Risk has become a popular topic and the questions that come with that is how does one address risk and then continue to monitor those risks. In other words, you have created your risk matrix, but what is next? This article will address those questions by explaining the linkage between risks and controls. The four […]

Cybersecurity trends for 2023 and 2024

New Cybersecurity Trends to Watch for in 2023 & Beyond

As technology continues to evolve at an exponential rate, it’s not uncommon to feel overwhelmed or exhausted by the current rate of change. While new technologies are often introduced with the promise of benefits, they also introduce new challenges and risks. In 2023, there will continue to be plenty of focus on big data, edge […]

HITRUST vs HIPAA

HITRUST vs HIPAA: Understanding The Benefits of HITRUST Certification

In previous blog articles, we have covered what HITRUST certifications are and compliance requirements, understanding the HITRUST certification process, and scoring HITRUST CSF controls, but one very frequent question is, “What is the benefit of getting HITRUST certified?” Right behind that, in terms of frequency, are the following HIPAA-related questions: How does a HITRUST certification […]

What is an internal auditor?

What Is An Internal Auditor & Why Should You Hire One?

What is an Internal Audit? The Institute of Internal Auditors (IIA) defines internal audit as the “independent, objective assurance, and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and […]