# Linford \& Company LLP: External IT Auditors Specializing in SOC 1 \& SOC 2 Audits, HIPAA Audits, FedRAMP Audits, \& HITRUST Assessments, Penetration Testing, ISO/IEC 27001:2022 Certification, PCI DSS Compliance Audits \& CSA\-STAR Compliance > Certified public accountants \& IT auditing firm specialized in SOC \& HIPAA, FedRAMP auditing services Generated by Yoast SEO v27.9, this is an llms.txt file, meant for consumption by LLMs. ## Pages - [About Us](https://linfordco.com/about/) - [Contact](https://linfordco.com/contact/) - [Privacy Policy](https://linfordco.com/privacy-policy/) - [Blog](https://linfordco.com/wp-cron.php?doing_wp_cron=1782762061.9078230857849121093750) - [Services](https://linfordco.com/services/) - [Audit Terms](https://linfordco.com/resources/audit-terms/) - [CMMC Compliance Assessment Services](https://linfordco.com/services/cmmc-compliance-assessment-services/) - [CSA\-STAR](https://linfordco.com/services/csa-star-certification/) - [FedRAMP Compliance Certification](https://linfordco.com/services/fedramp-compliance-certification/) - [GovRAMP](https://linfordco.com/services/govramp-compliance-certification/) - [HIPAA Compliance Audits](https://linfordco.com/services/hipaa-audits/) - [HITRUST® Audit \& Certification](https://linfordco.com/services/hitrust-certification/) - [ISO/IEC 27001:2022 Certification Assessment Services](https://linfordco.com/services/iso-compliance-assessment/) - [Penetration Testing](https://linfordco.com/services/penetration-testing/) - [SOC 1 Audits](https://linfordco.com/services/soc-1-audits/) - [SOC 2 Audits](https://linfordco.com/services/soc-2-audits/) - [PCI Compliance Audits](https://linfordco.com/services/pci-compliance-audits/) ## Posts - [Don't be Caught Unawares: How to Preserve Audit Evidence when Decommissioning a System\!](https://linfordco.com/blog/preserving-audit-evidence-when-decommissioning-system/) - [CCPA Cybersecurity Audit Requirements: What You Need to Know](https://linfordco.com/blog/ccpa-cybersecurity-audit-requirements/) - [The HIPAA Contingency Plan with a SOC 2 Spin](https://linfordco.com/blog/the-hipaa-contingency-plan/): One of the areas we review on all audits and assessments of the HIPAA Security Rule is HIPAA’s requirements concerning contingency plans\. - [SOC 2 Physical Security in a Remote\-First World: What Auditors Actually Look For](https://linfordco.com/blog/soc-2-physical-security-remote-considerations/) - [What Happened to SAS 70? Understanding SOC 1 Reports Today](https://linfordco.com/blog/deconstructing-sas-70-soc-1/): Many U\.S\. companies receive what, until recently, were called SAS 70 audit reports from certain types of vendors\. These reports come out once a year, typically in the late Fall\. While most organizations do a good job of recognizing the need to request these reports, often they are not properly reviewed and evaluated when received\. So, what do you do with the report once it has been received other than give it the internal and external auditors? ## Optional - [Sitemap index](https://linfordco.com/sitemap_index.xml)