IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

A few years ago, during a SOC 2 audit for a mid-sized SaaS company, we noticed a gap: their patch management program looked solid on paper, but the execution was flawed. The client had a policy that mentioned monthly updates, a ticketing system for patch deployment, and even a patch management report that was presented [...]

In performing SOC audits for Linford & CO, the clear majority of organizations do a great job providing reasonable assurance they are meeting all their controls. But I wanted to hit on a list of seven common mistakes that seem to pop up to hopefully help your organization identify them before they become [...]

Many of our clients have built a Software-as-a-Service (SaaS) application on top of AWS and are leveraging AWS controls as part of their systems environment. One reason our clients do this is to leverage the AWS SOC 2-compliant infrastructure. Service organizations like AWS have their own SOC 2 report to provide assurance to stakeholders that [...]

With cyber threats evolving at an unprecedented rate, everyone must adopt robust security frameworks to protect sensitive information. One of the most widely recognized and implemented information security standards is ISO/IEC 27001:2022 (commonly referenced as “ISO 27001”). This internationally accepted standard provides a systematic approach to managing sensitive company and customer data, ensuring confidentiality, integrity, [...]

For decades, personal computers have been the backbone of work, creativity, and communication. From the early desktops of the 1980s to the sleek ultrabooks and gaming rigs of today, PCs have played an essential role in modern life. However, we are now on the cusp of a major technological shift that will render traditional personal [...]

AI agents are no longer a futuristic concept—they are actively reshaping business operations and revolutionizing auditing processes. Companies are leveraging these autonomous AI systems to automate workflows, enhance decision-making, and optimize security practices. But with rapid adoption comes significant challenges: compliance risks, ethical considerations, and security vulnerabilities that auditors must address. From customer service chatbots [...]

In today’s evolving technological landscape, businesses are increasingly turning to automation to enhance efficiency and reduce operational costs. Two prominent technologies in this domain are Robotic Process Automation (RPA) and Artificial Intelligence (AI). While both aim to streamline business processes, they differ significantly in their capabilities and applications. This article explores the distinctions between RPA [...]

Across the globe, International Standards Organization (ISO) standards have been accepted by experts as a standard that can be relied upon for just about any process. They guide requirements to manufacture a good, provide a service, set up a management system, and comply with safety requirements. The list goes on and on. Since we are [...]

"*" indicates required fields

This field is for validation purposes and should be left unchanged.
I understand and agree to the Linford & Company LLP privacy policy.**