The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

COLLIN VARNER

Collin is a Senior Manager with Schellman Compliance, LLC based in Denver, Colorado. Collin specializes primarily in IT attestation, audit, and compliance activities as they relate to numerous standards including SOC, HIPAA, CMMC, and a suite of ISO standards. Prior to joining Schellman, Collin held roles tasked with planning, organizing, and managing multiple facets of information technology and security reviews including cybersecurity assessments, risk management, internal and external audit, system implementations, and customized attestation reporting.

Blog Feature

By: COLLIN VARNER
May 7th, 2024

When undergoing a System and Organization Controls (SOC) examination, the idea is to gain independent validation regarding the controls you’ve put in place to protect your and your clients' assets and provide reassurance of your trustworthiness to your stakeholders. Unfortunately, sometimes controls fail to meet their intended objectives and criteria, resulting in your SOC auditors explaining the issue in your formal report—that explanation is called a “qualification.”

SOC Examinations

By: COLLIN VARNER
January 18th, 2024

When pursuing a SOC 2 examination, a popular first step for many organizations—particularly those just stepping into the world of compliance for the first time—is the SOC 2 readiness assessment. But for those first-timers who don’t know what to expect from such a process, it might help to have a primer.

Cybersecurity Assessments

By: COLLIN VARNER
March 21st, 2023

Throughout history, warfare has evolved. The Romans did it one way, the Vikings did it another—Sun Tzu, Richard the Lionheart, and the Allied forces all had different tactics that forced opponents to adjust their defenses and strategies.

By: COLLIN VARNER
January 21st, 2019

As technologies continue to advance, corporations will consistently evaluate whether responsibilities should be managed internally or outsourced to a qualified vendor. Whatever criteria your senior management or board of directors use as a benchmark for vendor consideration, questions and concerns should be at the forefront of the vendor management program. A primary consideration to remember is that while outsourcing tasks may seem like the clear risk management option, the associated risks are not removed from the company; they are only transferred, and they remain a responsibility of the firm collecting and transmitting its customer information.

By: COLLIN VARNER
September 27th, 2017

In the information technology world, there are currently few buzzwords as popular as the term cybersecurity. As CIOs and VPs evaluate the status of their network environment, and decide who will oversee the related processes—including who has the unfortunate task of reporting to the Board
