Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Craig Skinner

Craig Skinner is a Senior Associate with Schellman based in Atlanta, Georgia. Prior to joining Schellman in 2020, Craig worked as an IT auditor for a professional services firm specializing in SOX and financial statement audit support, as well as SOC reporting, for the insurance and financial services industries. Craig has over three years of experience comprised of clients in various industries, including healthcare services and managed service providers. Craig is now focused primarily on SOC reporting for organizations across various industries.

Blog Feature

SOC Examinations

By: Craig Skinner
October 26th, 2022

If you order a martini from a bar, the bartender will likely make it the standard way: gin, bitters, vermouth, and a twist of lemon. If you go to a different spot, the mixologist might make it with vodka instead of gin and garnish with an olive. Maybe one time, you request it shaken not stirred. No matter which way you order, you have final say on how you address your need for a martini.

Blog Feature

NIST | CSA STAR Program | Healthcare Assessments | SOC Examinations

By: Craig Skinner
May 4th, 2022

Think about those a la carte sushi restaurants—the very cool ones with the circulating conveyor belts that let you select different dishes as they suit your fancy. Maybe your go-to is always California rolls, but you spot some delicious-looking Rainbow Rolls so you grab those one time. Or maybe you’re craving a Spicy Tuna roll, so you add that to your plate. Even if sushi is not quite your taste, you’d probably agree that SOC 2 audits are even less appetizing. Aside from the actual, in-depth audit process, they also require you to make a lot of decisions first, and it’s just added stress. That’s why you want to ensure that you take the audit path most helpful to you, and that includes the right criteria. SOC 2 functions a lot like that sushi conveyor belt—you have a lot of potential options. And we don’t just mean the SOC 2 Trust Services Categories (TSCs) that you have to select from to form the basis of your examination. We mean adding what is technically known as additional “subject matter.” For simplicity’s sake, we’ll just refer to it as “additional criteria.”

{