<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1977396509252409&amp;ev=PageView&amp;noscript=1">
Contact a Specialist
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
Compliance Reliance
Compliance Reliance
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

Blog

The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

DEBBIE ZALLER

Debbie Zaller is a Principal at Schellman & Company, LLC. Debbie leads the SOC 2, SOC 3 and Privacy service lines and is also an AICPA-approved and nationally listed SOC Specialist. As practice leader she is responsible for internal training, methodology creation and quality reporting. Debbie also leads the firm’s Midwest market. Debbie has over 20 years of IT compliance and attestation experience. Debbie was on the AICPA Task Force for the Advanced SOC for Certification Exam, was a member of the Florida Institute of Certified Public Accountants Board of Governors and served on the Finance and Office Advisory Committee.

Blog Feature

HIPAA | Cybersecurity | NIST

By: DEBBIE ZALLER
June 10th, 2021

In January of 2021, the Department of Health and Human Services issued an amendment to the Health Information Technology for Economic Clinical Health (HITECH) Act regarding certain security practices of covered entities and business associates. They define adequate security practices as “standards, guidelines, best practices, methodologies, procedures, and processes developed under section 2(c)(15) of the National Institute of Standards and Technology Act, the approaches promulgated under section 405(d) of the Cybersecurity Act of 2015, and other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities.”

Blog Feature

By: DEBBIE ZALLER
July 8th, 2019

(Article originally published on BloombergLaw.com)

Blog Feature

By: DEBBIE ZALLER
June 26th, 2019

The Asia-Pacific Economic Cooperation is set to boost the status of its Cross-Border Privacy Rules program in the U.S.

Blog Feature

By: DEBBIE ZALLER
November 28th, 2018

Strategic thinking and careful planning can help you squeeze the maximum value out of your multi-cloud environment. Here are eight tips to help you get started.

Blog Feature

SOC | Cybersecurity

By: DEBBIE ZALLER
June 21st, 2017

As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program — and there is no better way to validate your cybersecurity risk management program than with an independent validation.

Blog Feature

Cloud Computing

By: DEBBIE ZALLER
May 9th, 2017

The CSA recently announced that the STAR Program will now allow a one-time, first-year only, Type 1 STAR Attestation report. What is a Type 1 versus Type 2 examination and what are the benefits for starting with a Type 1 examination?

Blog Feature

Compliance and Certification | Education

By: DEBBIE ZALLER
October 25th, 2016

Your customers and potential customers share data with you every day. Whether it’s an email address or more in-depth information like a shipping address or credit card information, they expect you to protect what they share.

Blog Feature

Compliance and Certification | Education

By: DEBBIE ZALLER
August 4th, 2016

Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in technology, policy, and procedure. Those who adjust well aren’t phased by the fast pace of the market or the constant evolutions in technology and security standards. Those who struggle with change constantly operate in a reactive state, and fail to properly strategize their business moves.