Tampa, FL, April 3, 2019 - Schellman & Company, LLC (Schellman), a leading provider of attestation and compliance services, announced today that it has been officially certified as a Great Place to Work™. Great Place to Work is the global authority on workplace culture, employee experience and the leadership behaviors proven to deliver market-leading revenue and increased innovation.

If your organization is a current or aspiring Microsoft vendor, you’re probably familiar with the Microsoft Supplier Security and Privacy Assurance Program (SSPA) program (previously called the Vendor Privacy Assurance Program). Vendors providing services with a high business impact may be required to provide a letter of attestation from a qualified independent assessor such as Schellman. You might be wondering what this requirement means for your business and what to expect during the attestation process.

The International Organization for Standardization (ISO) has released a second edition to ISO 27018, its guidance for cloud service providers who process personally identifiable information (PII), which was initially released in 2014. As we know, the world of information technology and the protection of PII is an ever-evolving concern. We addressed how ISO 27018 interplays with other key regulations (such as the GDPR) here. Now with this new guidance set forth from ISO, it begs the question: is this a major or minor change?

The fight against cyber threats is one that requires much more preparation than it may have in the past. Today, threats and attacks are disrupting business operations and unnerving boards of directors, managers, customers, investors, and other stakeholders in organizations of all sizes, both public and private. The first rule in a fight is to protect yourself at all times, and the AICPA's SOC for Cybersecurity reporting framework can help.

Imagine this, it's a late Wednesday afternoon and you are wrapping up your previous SOC engagement while simultaneously working on your current engagement. A check of your upcoming schedule reveals that next week, yet another SOC engagement for a client in your area looms. Juggling multiple engagements can be tricky, but must less so if there’s a tried and true process that’s become routine. Here are five easy steps to help an auditor prepare for a SOC engagement.

Are you always concerned with making a good first impression? Do you often feel unsure of how to approach the conversation with a group of people you are meeting for the first time? Don’t worry, it’s common to feel anxious and uncertain in networking situations. When meeting new people, we tend to put a lot of stress on ourselves to shine and come across well, in order to make a connection.

Cloud computing technologies have revolutionized the way organizations manage and store their information. Where companies used to house and maintain their own data, a host of organizations have now made the switch to a cloud-based model due to the ease of use and cost-saving benefits promised by the cloud.

Why would a financial services company need a SOC 1?