The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
With the proliferation of data breaches and hacks that occur today, it’s no wonder there is a greater focus on information security. SOC 2 reports are general use reports that provide assurance to user organizations and stakeholders that a particular service is being provided securely. A SOC 2 can also include criteria related to Availability, […]
Today, information security is of greater concern and importance than ever before, and that’s saying a lot! Every day there are new data breaches reported costing companies billions of dollars in combined losses. IBM recently published the 2023 Cost of a Breach article and notes the cost of a breach to be an average of […]
Type II SOC engagements (for both SOC 1 audits and SOC 2 audits) require walkthroughs and testing of the controls in place at the service organization to be able to opine on the suitability of the design and the operating effectiveness of controls during the period under review. Each control objective or criteria has a […]
After months of preparation, your organization successfully navigated a HITRUST-validated assessment and achieved HITRUST certification – but what comes next? This article will focus on some general practices and techniques that will allow your organization to continually improve the information security posture of the organization in an effort to maintain a state of readiness to […]
It is a misconception that the job of an auditor can be summed up to individuals that examine financial records with the goal of forming an opinion about the fairness of information presented within a company’s financial statements
When preparing for a SOC 1 or SOC 2 examination, service organizations, particularly those who elect to report their subservice organizations using the carve-out method, often conclude that anything related to their subservice organizations is out of scope for their own SOC report. However, that is not the case. This blog will discuss the requirements […]
With the frequent personnel changes that many companies are experiencing right now, it’s important to consider how turnover affects companies’ compliance efforts. Almost every company is required to comply with some type of law, rule, regulation, or reporting standard. This blog post will provide some ideas for helping to provide sufficient compliance training as part […]
With the rise of organizations providing artificial intelligence (AI) or machine learning (ML) tools and services, one has to wonder about the risks associated with those services and the security, at the very least, of the data used for and created as a result of the AI and ML services. Data considerations include the makeup […]
Risk has become a popular topic and the questions that come with that is how does one address risk and then continue to monitor those risks. In other words, you have created your risk matrix, but what is next? This article will address those questions by explaining the linkage between risks and controls. The four […]
As technology continues to evolve at an exponential rate, it’s not uncommon to feel overwhelmed or exhausted by the current rate of change. While new technologies are often introduced with the promise of benefits, they also introduce new challenges and risks. In 2023, there will continue to be plenty of focus on big data, edge […]
