Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Linford & Company specializes in helping service organizations go through their Service Organization Control (SOC) review the first time.
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.
Many organizations may be retaining personal data and it is important for this information to be properly protected and or anonymized. One method to ensure personal information is appropriately anonymized is through de-identification. This article will explain what de-identification is, how to go about de-identifying personal data, and why it is important. To start, a […]
Many of our clients and prospects get asked for a “SOC report” without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and with a quick conversation, we […]
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.