"*" indicates required fields
The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.
Artificial intelligence (AI) is no longer a term; it plays a crucial role in driving innovation across many industries. However, effectively utilizing AI requires managing the risks associated with it. This is where ISO/IEC 42001:2023 steps in—a standard crafted to aid organizations in handling AI-related risks and guaranteeing the security, ethics, and reliability of their […]
Many organizations do a tabletop test each year of their Incident Response (IR) or Business Continuity/Disaster Recovery (BC/DR) plan to evaluate its effectiveness and make sure it’s current. While tabletop is generally the weakest form of testing and has some significant limitations, there are some things that can be done to make it a better […]
Sarbanes-Oxley (SOX) is an act originally signed into law in 2002. The act is named after Senator Paul Sarbanes and Representative Michael Oxley, who were the main architects of the act.
The National Institute of Standards and Technology (NIST) defined their Risk Management Framework (RMF) in Special Publication (SP) 800-37.
The recent CrowdStrike outage, which caused widespread system crashes and disruptions, served as an important reminder of the interconnectedness and fragility of our world as it relates to technology. While the incident was disruptive and many of our clients can attest to the headaches it caused, it also provided valuable insight into how organizations can […]
In today’s day and age, most organizations rely on vendors for portions of the services they provide or to assist with the security and integrity of their technology and data. Managing the relationships with these vendors is important, in addition to monitoring the ongoing performance of the services provided by these vendors. When pursuing a […]
Recently, a client asked if we could provide them some insight on the similarities, differences, advantages, and disadvantages of getting a SOC 2 Security versus an ISO/IEC 27001:2022 certification.
With no shortage of regulations around data security and privacy, it’s no wonder that determining which regulations must be complied with and whether your company has compliance gaps can be a daunting task. Regulatory compliance is mandatory, but can be overwhelming. Where should you start? Perform a Risk Assessment Risk assessments are valuable tools for […]
In a post-COVID-shutdown world, hybrid and remote work has skyrocketed. Employee usage of personal devices, such as smartphones and tablets, for company work, is now commonplace and expected by employees. In many instances, employees can take advantage of the functionality of new smartphones to increase efficiency and productivity. Employees are happy because they get to […]
With the use of cloud technology trending upward, many cloud companies are touting themselves as “HIPAA certified.” In fact, there is no such thing as a HIPAA certification.
