Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

STEPHEN HALBROOK

Stephen Halbrook is a Managing Principal at Schellman. He is an experienced and proven federal practice leader performing service delivery management across service lines including FedRAMP, NIST, SOC, PCI DSS and ISO. Stephen also helps assist large and complex organizations that have multiple compliances needs helping them strategically align their efforts to maximize cost and efficiencies. He has more than 15 years of experience in the assessment industry and started his career working in Deloitte’s Advisory practice.

Blog Feature

FedRAMP

By: STEPHEN HALBROOK
December 7th, 2022

You’ve heard of the Bermuda Triangle, right? It’s that mysterious region in North Atlantic Ocean where it’s said that more than 50 ships and 20 airplanes have disappeared without a trace. Fascinating and discomforting as that may be, the real trouble with the Triangle is that its boundaries are only loosely defined, which no doubt leads to uncertain pilots steering into a bad situation.

Blog Feature

Federal | NIST | CMMC

By: STEPHEN HALBROOK
September 14th, 2022

Stephane Nappo once said, “it takes 20 years to build a reputation and few minutes of cyber-incident to ruin it.” 

Blog Feature

SOC | Education

By: STEPHEN HALBROOK
December 5th, 2016

Here are five steps to help successfully prepare: 1. Validate the Nature of the Request. Does your client base understand the various SOC reporting options and what they are asking of your organization from a compliance reporting perspective? Is there a connection to internal controls over financial reporting (ICFR) of the services that you provide to your clients, or are you looking at general controls of a system that are relevant to security, availability, processing integrity, confidentiality, and/or privacy? SOC 1 can oftentimes be misused by the general public as a generic reference to third party examinations. There is misconception in the marketplace; help prevent it.

Blog Feature

Education

By: STEPHEN HALBROOK
September 8th, 2016

One of the most effective ways of approaching professional development is by using collaborative approaches. Or, as Eleanor Roosevelt once said, do one thing every day that scares you. I imagine that might be just as effective when it comes to professionally developing oneself and, as a result, personal skills with it. Here are three areas to consider dedicating attention to on the job if you desire to take personal development to new heights.

Blog Feature

Education

By: STEPHEN HALBROOK
July 26th, 2016

At some point in life, we all need advice and being a mentor is a meaningful way to provide it. Mentoring not only empowers others but also ourselves.

Blog Feature

SOC

By: STEPHEN HALBROOK
August 14th, 2014

Is your organization ready for a SOC 2 examination? Here are five steps to help successfully prepare for one:  1. Validate the nature of the request. Does your client base understand the various SOC reporting options and what they are asking of your organization from a compliance reporting perspective? Is there a connection to internal controls over financial reporting (ICFR) of the services that you provide to your clients, or are you looking at general controls of a system that are relevant to security, availability processing integrity, confidentiality, and privacy? SOC 1 can oftentimes be misused by the general public as a generic reference to third party audits. There is misconception in the marketplace; help prevent it.

Blog Feature

FAQs

By: STEPHEN HALBROOK
June 9th, 2014

When performing walkthroughs and interviews during our audits, organizations often ask what the difference is between BCP, DRP, and BCDR.