If you’ve ever been told by your customers or stakeholders that you need to conduct some kind of external audit to win or keep their business, the first question that likely came to mind was, “How much will that cost?” The initial answer, at least, is that it depends.
In May of 2021, President Biden issued the Executive Order on Improving the Nation’s Cybersecurity (EO 14028), an EO that took specific and significant aim at federal IT systems as well as the private sector technology and software providers that support them.
If you know Schellman, you likely know our standard plug—we’re a leading provider of attestation and compliance services and we’re the only provider in the world that has a CPA firm, a globally licensed PCI Qualified Security Assessor, a comprehensive ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, CMMC C3PAO, and APEC Accountability Agent working together to address our clients’ complex and interrelated security and privacy compliance requirements.
My Story
Last Thursday, I had my dermatology check-up with Dr. Sutterfield just a few miles from my house. I have these every three months, and this last time everything was all good—nothing suspicious or even cut off this time.
The Belgian writer and painter Erik Pevernagie once said that “without a clear-cut vision and a proper reading of the roadmap we may not reach the buoyant shores of the horizon.”
Yesterday, on May 12th, President Biden issued the “Executive Order (EO) on Improving the Nation’s Cybersecurity.” Given that the Order features 11 sections that include both policy and general provisions among others, its 8,080 words are arguably the equivalent of multiple EOs. Such an effort is, no doubt, purposeful by the President—this is significant, and will certainly impact the security worlds of both the government itself and those companies that provide it with software and services.
By Eric Sampson and Doug Barbin
In a previous article, we provided a summary of the key components of the PCI DSS Cloud Computing Guidelines (“cloud supplement”). That article focused on roles, responsibilities, agreements, and audit considerations. This article speaks more to the technical considerations.
By Eric Sampson and Doug Barbin