SOC 2 Security vs. ISO 27001 Certification

By Rob Pierce on June 7, 2017June 13, 2017

Recently, a client asked if we could provide them some insight on the similarities, differences, advantages, and disadvantages of getting a SOC 2 Security versus an ISO 27001 certification.

What Period Is Covered In A Type II SOC Examination?

By Nicole Hemmer on January 10, 2017May 10, 2017

A type II SOC 1 (f. SSAE 16) or SOC 2 report (versus a Type I) is the most useful for a service organization to provide to a client. Most reports cover a 12 month period, but can be as short as six months

Need A SOC Report? How To Know Which One Is Best For Your Service Organization

By Nicole Hemmer on June 15, 2016June 27, 2017

A SOC (Service Organization Control) report is a report on controls at a service organization related to various types of subject matter, for example: controls that affect user entities’ financial reporting; controls that affect the security, availability, and processing integrity of the systems; or the confidentiality or privacy of the information processed for user entities’ clients.

How Long Will It Take To Get Your First SOC Report?

By Rob Pierce on June 9, 2016June 9, 2016

We hear this question all the time from new clients and prospects. How long will it take for us to prepare the required documentation for a SOC report?

Findings/Issues in SOC Reports. What Can the Impact Be?

By Nicole Hemmer on April 27, 2016May 10, 2017

At Linford & Company we perform many SOC 1 (f. SSAE 16) and SOC 2 engagements.

De-Identification of Personal Information

By Kerry Shackelford on April 13, 2016May 6, 2016

The topic of de-identification of personal information has come up in discussions with clients several times in the past year. In each scenario, our client or potential client is collecting and maintaining a store of personal information which must be protected from breach—customer records, payment card industry cardholder data, electronic protected health information (ePHI), etc. […]

SOC 2 Benefits

By Rob Pierce on April 6, 2016April 12, 2016

Obtaining a SOC 2 report requires an investment of both time and money for a service organization and, at some point, might seem like more work than it’s worth.

First time SOC 2 Audit: What to Expect

By Rob Pierce on March 2, 2016April 12, 2016

So you have begun to be asked by a current client or prospective client for a SOC 2 report.

The Advantages of Hiring a Small Firm for Your SOC Audit

By Nicole Hemmer on February 17, 2016May 10, 2017

At Linford & Company, we fully understand that there are all sizes of companies that complete the kind of audits we do, which include SOC 1 (f. SSAE 16), SOC 2, HIPAA and royalty audits.

Using the SOC 2 Report for Health Care Industry Assurance

By Kerry Shackelford on January 8, 2016January 8, 2016

In a press release dated December 17, 2015, the AICPA announced that it had collaborated with the Health Information Trust Alliance (HITRUST) to develop an illustrative SOC 2 report useful to health care industry service organizations that must demonstrate compliance with HIPAA’s security requirements