Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth. However, the advantages to obtaining a SOC 2 report far outweigh the initial investment.
Tag: SOC 2
SOC Readiness Assessments: Recommended Guidance for Audit Readiness
Linford & Company specializes in helping service organizations go through their Service Organization Control (SOC) review the first time.
CSA CCM: Cloud Security Alliance Cloud Controls Matrix – Overview & CSA Offerings
The Cloud Security Alliance is a non-profit organization that promotes the use of best practices for providing secure cloud computing. Since 2010, the CSA has released four versions of a free Cloud Controls Matrix for public use.
SOC 2 vs. HIPAA: What’s the Difference Between a SOC 2 Report & a HIPAA Report?
Linford & Company offers two types of reports that address security, the SOC 2 Security report and the AT 601 HIPAA Security report.
De-Identification of Personal Information: What is It & What You Should Know
Many organizations may be retaining personal data and it is important for this information to be properly protected and or anonymized. One method to ensure personal information is appropriately anonymized is through de-identification. This article will explain what de-identification is, how to go about de-identifying personal data, and why it is important. To start, a […]
SOC 1 vs. SOC 2 – What is the Difference Between Them & Which Do You Need?
Many of our clients and prospects get asked for a “SOC report” without any further clarification. Also, many get asked for a SOC 1 and a SOC 2… so how do they know what they need? Do they need both? Just one? We get these questions all the time, and with a quick conversation, we […]
The Cloud Security Alliance (CSA) and the AICPA
With all the commerce and other types of transactions and information that traverse the Internet, it is useful that there are organizations such as the CSA, AICPA, and many others, which are focused on serving the public’s interests. And while nothing will ever give complete assurance as to the internal controls for a service organization, SOC audit reports go a long way to providing a level of assurance that is acceptable to most people and organizations.
What are the Roles and Responsibilities of Information Security?
Information security is a hot topic and receives frequent headlines due to the weekly—if not daily—security breaches that occur on a global scale. At Linford & Co, we work with service providers on a regular basis to evaluate aspects of their information security by independently testing the design and operating effectiveness of their controls.
SOC Certifications: Are SOC 1 & SOC 2 Audits Actually Certifications?
There is no such thing as a SOC or SSAE 16 (known as SOC 1, which is the marketing name for the standard) certification.
Confidentiality vs. Privacy in a SOC 2
In a SOC 2 examination, two of the five Trust Services Principles and Criteria are Privacy and Confidentiality. These two principles can be confusing and may seem to overlap.