The Schellman Blog

In the ever-changing world of information technology, the biggest topic of discussion is artificial intelligence (AI) and the influence it is having on security, compliance, and the administration of data. However, regarding data, the most important consideration should be how AI will impact our personal health information (PHI).

On March 23, 2026, the Global CBPR Forum announced the release of CBPR 2.0 during its biannual Forum workshop. The refresh of the original System requirements, now referred to as CBPR 1.0, is a significant step in aligning with the privacy laws in new participating economies and opening the door for other interested economies in joining as member or associate jurisdictions.

The ISA (Information Security Assessment) is the heart of your TISAX journey, and a critical first step in preparing for your TISAX assessment. You'll also hear it referred to as the “self-assessment.” The most recent iteration of the ISA spreadsheet, version 6.0.3, can be downloaded here for reference.

Microsoft recently provided a pre-release of v12 of their Data Protection Requirements (DPR) for suppliers required to undergo an annual security and privacy assessment through Microsoft’s Supplier Security and Privacy Assurance (SSPA) program. Microsoft DPR v12 is scheduled to refresh March 30, 2026, and features a total of 63 requirements. Notably, this is a reduced number of controls compared to v11, which featured a total of 67 requirements.

For years, the Cybersecurity Maturity Model Certification (CMMC) lived in a world of drafts, delays, and speculation. Now, however, there are two key rules underpinning the CMMC program. The first is the foundational  32 CFR Part 170, which went into effect in December 2024 and formally established the CMMC framework.

Investment Accelerates Schellman's Growth and Strengthens the Independent, Expert-Led Model Clients Count On to Navigate an Increasingly Complex Global Compliance Landscape

Recently on a Sunday night my phone rang, showing an unknown number.

As artificial intelligence continues to rapidly evolve, from generative tools to increasingly autonomous systems, governments around the world are accelerating efforts to formalize AI governance. Regulatory frameworks are becoming enforceable on legal requirements that shape how AI systems are designed, deployed, and monitored.