The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

GREG MILLER

Greg Miller is a Principal at Schellman. Greg leads the HITRUST service line. Greg has more than 20 years of combined audit experience in both public accounting and private industry.

Blog Feature

SOC | Education

By: GREG MILLER
November 22nd, 2016

I am often asked who is responsible for determining and selecting which principle(s) will be included in the scope of the SOC 2 examination, but the answer may not always be what service organizations want to hear.

HITRUST

By: GREG MILLER
September 20th, 2016

The HITRUST Alliance, in its efforts to keep the framework up to date, publishes a new release annually; Version 8 of its Common Security Framework (CSF) is the most recent (Version 7 was released in January 2015). The updates to the framework are based on feedback from the HITRUST community and on current risks and trends, and they also incorporate changes to the various frameworks and requirements that are mapped into the CSF and used as baseline requirements in its development.

Compliance | thought leadership

By: GREG MILLER
August 22nd, 2016

They don’t call it a Compliancy and Ethics Program (CEP) for nothing. Though sometimes overlooked, ethics play an important role in the success of an organization’s compliance culture. Compliance professionals have grown accustomed to differing opinions on compliance topics. Some individuals take a compliance-focused viewpoint while others see the same topics from an ethical perspective. In either case, both sides likely hold strong convictions about their stance and are not open to being swayed in a different direction.

HITRUST | Healthcare

By: GREG MILLER
May 23rd, 2016

So, you’ve been asked for a HITRUST certification? Odds are, 100 questions are racing through your head. Why would my organization be asked to hold this certification? What does certification even entail?

HIPAA | HITRUST | Privacy | Healthcare

By: GREG MILLER
May 16th, 2016

Security is vital to the healthcare industry. Thirteen percent of CIOs, CTOs and CSOs reported being targeted by external threat attempts almost once a day, and 12 percent reported about two or more attacks per week. Furthermore, 16 percent of healthcare organizations admitted they are unable to detect in real time if their systems are compromised.

HITRUST | Healthcare

By: GREG MILLER
May 5th, 2016

Healthcare service providers are being told that they must begin their HITRUST Validated Assessment process soon, especially to meet the 2017 deadline for HITRUST Certification. The looming deadline and a lack of familiarity with the validation process are causing some fear. But have no fear! This article provides guidance on the process and the information needed to navigate the Validated Assessment and obtain certification.

Compliance and Certification | Education

By: GREG MILLER
May 3rd, 2016

Let’s face it — compliance isn’t what it used to be. With mounting pressure on companies to embrace innovative technologies in order to maintain a competitive edge, the compliance landscape has become extraordinarily complex, and compliance leaders aren’t the only ones stressing about it. In a recent Robert Half Management Resources survey, more than 2,200 CFOs in the United States said that meeting regulatory compliance mandates is their second biggest stressor, right behind staying current with technology.

SOC | HITRUST

By: GREG MILLER
November 2nd, 2015

Is HITRUST certification pass/fail, all or nothing? Must you achieve all 149 controls? Although organizations are expected to implement all 149 controls as specified by their risk factors, HITRUST certification is based on a third-party assessment of 64 high-risk controls. The high-risk controls are determined by an analysis of past breach data while ensuring the necessary coverage of the HIPAA Security Rule’s standards and implementation specifications. All third-party assessments submitted via MyCSF are validated by HITRUST; however, organizations must achieve a 3+ maturity rating on the majority of the assessment domains to achieve certification. For a limited number of controls that are not operating at a 3+ level, you must create a corrective action plan (CAP). Organizations may also formally accept a very limited amount of risk and still achieve certification.