IT Audit & Compliance Blog

The Linford & Company Blog is written by our very own auditors, who are experts in IT audits, information security, and compliance topics. Their auditing experience encompasses a broad spectrum of industries and organizations, and their specialized expertise can help your company or organization make the right decision for your auditing needs. Our specific areas of focus in our IT Audit & Compliance Blog include SOC 1 Audits, SOC 2 Audits, HIPAA Audits, HITRUST Certification, and FedRAMP Assessments, NIST & CMMC, and Penetration Testing.

Covered entities vs. business associates under HIPAA

HIPAA Business Associate vs. Covered Entity: Differences & Expectations

In order to properly assess the relevance of HIPAA compliance to your organization, it is important to understand what a Covered Entity (CE) and a Business Associate (BA) are. In this blog we’ll talk about what these items are, the differences between them, and how they are handled differently when assessing HIPAA compliance. Differences Between […]

A guide for audit readiness success

Audit Readiness – Professional Tips for a Successful Audit

The auditors are coming! Let’s face it, many organizations dread audit time–but it doesn’t have to be that way. Whether you’re facing your very first audit or preparing for the next recurring one, being audit-ready will save you time and effort, alleviate stress, and facilitate a smooth and successful audit process. As humans, we naturally […]

5 Common SOC 2 Myths

Myth Busting 5 Common SOC Audit Misconceptions

In the rapidly evolving landscape of technology services, companies are entrusted with handling sensitive client data. To ensure the security, availability, and integrity of this data, many executives consider undergoing a System and Organization Controls (SOC) audit. However, misconceptions surrounding SOC audits often cloud the decision-making process. So, what exactly is a SOC audit? In […]

What is StateRAMP

A Guide to StateRAMP: An Overview For Your Authorization Journey

In 2011, the Federal Risk and Authorization Management Program (FedRAMP) was introduced, establishing a standardized assessment methodology for federal agencies to manage risk within commercial cloud service provider environments. Acknowledging the “do once, use many” benefits of FedRAMP within the federal sector, the State Risk and Authorization Management Program (StateRAMP) was launched in 2021. StateRAMP […]

A guide to the types of vulnerability scans

Which Types of Vulnerability Scanners Can Help Protect Your Company?

As security breaches (such as these HIPAA security breaches) become more common and costly, it is important to understand ways to prevent breaches. Recently, we came across a scenario where a company was not using a vulnerability scanner to scan their development environment for secret credentials, thus making the secret credentials not so secret. The […]

Zero trust compliance guide

Zero Trust Concepts & Audit Implications

Over the past several years, the concept of Zero Trust has transitioned from an industry buzzword to a pillar of information security. In this blog post, we will break down what zero trust means in the industry, what the pillars of zero trust are, and how zero trust concepts impact auditing activities and other factors […]

ISO & Risk Management

ISO and Risk Management Frameworks for Supporting Enterprise Risk Assessments

As I pondered about what blog content may be interesting and useful to our current and prospective clients, I kept coming back to one interesting client discussion I recently had. I was working with a first-year SOC 2 readiness client, and they were asking for insights and my perspectives on best practices for conducting an […]

Vendor and third-party risk management

The Transforming Landscape of Vendor & Third-Party Risk Management

In the ever-evolving realm of business, where external vendors and third-party collaborations are pivotal for enhancing efficiency and innovation, the significance of effective vendor and third-party risk management has never been more pronounced. Additionally, it has become the norm for companies to rely on third parties to provide critical operational functionality for a business. As […]