The Schellman Blog

AI is embedded in hiring decisions, customer service workflows, financial systems, and product development pipelines, among other essential business operations and services. AI undoubtedly comes with enhanced efficiency, scalability, and productivity, but it also brings concerns around risks, bias, transparency, reliability, and security.

As federal agencies increasingly rely on cloud technologies to support mission-critical operations, ensuring those systems meet consistent security standards is essential. The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach for assessing, authorizing, and continuously monitoring cloud services used by the U.S. government.

Desai joins a select cohort of entrepreneurial leaders committed to creating lasting impact beyond the boardroom

As organizations scale their use of AI systems in key business processes, customer-facing products, and high impact decisions, the question is no longer whether AI can deliver value, but whether it can be deployed in a way that is reliable, secure, fair, and sustainable over time.

In the ever-changing world of information technology, the biggest topic of discussion is artificial intelligence (AI) and the influence it is having on security, compliance, and the administration of data. However, regarding data, the most important consideration should be how AI will impact our personal health information (PHI).

On March 23, 2026, the Global CBPR Forum announced the release of CBPR 2.0 during its biannual Forum workshop. The refresh of the original System requirements, now referred to as CBPR 1.0, is a significant step in aligning with the privacy laws in new participating economies and opening the door for other interested economies in joining as member or associate jurisdictions.

The ISA (Information Security Assessment) is the heart of your TISAX journey, and a critical first step in preparing for your TISAX assessment. You'll also hear it referred to as the “self-assessment.” The most recent iteration of the ISA spreadsheet, version 6.0.3, can be downloaded here for reference.

Microsoft recently provided a pre-release of v12 of their Data Protection Requirements (DPR) for suppliers required to undergo an annual security and privacy assessment through Microsoft’s Supplier Security and Privacy Assurance (SSPA) program. Microsoft DPR v12 is scheduled to refresh March 30, 2026, and features a total of 63 requirements. Notably, this is a reduced number of controls compared to v11, which featured a total of 67 requirements.