Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Learning Center
Learning Center
Articles
Articles
Whitepapers
Whitepapers
Case Studies
Case Studies
Events & Live Webinars
Events & Live Webinars
On-Demand Webinars
On-Demand Webinars
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

STUTAY MONGA

Blog Feature

By: STUTAY MONGA
April 11th, 2017

Recently, the Data Protection Intensive has come into its own as a leading forum for practical data protection education.  Now considered to be one of the best conferences of the year, the 2017 Data Protection Intensive conference was set in London.  There, privacy professionals from around the world gathered together to explore different areas of privacy. This conference was specifically able to deliver innovative solutions to today’s top privacy and data protection challenges.  Though General Data Protection Regulation (GDPR) was the primary subject; a wide range of issues were discussed throughout the week.  During this time, I attended four breakout session that highlighted a range of key issues that are faced in the privacy world.

Blog Feature

ISO 27001 | ISO Certifications

By: STUTAY MONGA
August 1st, 2016

An internal audit process should be present within the organization, and is vital to the design and effectiveness of any information security program. The requirements of an internal audit can be referred to in Clause 9.2 within the ISO-27001 standard. The process and time constraints of an internal audit vary based on the size and structure of the company.  Also, a greater sense of detail and effectiveness of an internal audit should be similar across all organizations. Initially, a plethora of clients believe that an internal audit is a simple walkthrough of organizational specific processes and applicable controls; however, the internal audit requires the organization to review the ISO-27001 framework and all in-scope Annex A controls based on the Statement of Applicability (SOA). As a result, the ISO-27001 internal audit happens to be more stringent and control focused than many organizations believe it to be prior to beginning the audit.