The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Payment Card Assessments | PCI DSS v4.0

By: MATT CRANE
September 21st, 2023

In June 2023, the Payment Card Industry Security Standards Council (PCI SSC) released a new worksheet entitled “Items Noted for Improvement” (INFI)—while the Council encourages use of this worksheet for assessments based on earlier versions of PCI DSS, organizations undergoing a PCI DSS v4.0 assessment are required to use it.

HITRUST | Healthcare Assessments

By: RYAN MEEHAN
September 19th, 2023

Though considered somewhat abbreviated in comparison to HITRUST’s other certification options, the HITRUST e1 Certification still represents a potentially beneficial path, particularly for those organizations that have already established their compliance programs.

HITRUST | Healthcare Assessments

By: RYAN MEEHAN
September 14th, 2023

Service providers—e.g., SaaS, IaaS, PaaS—are currently seeing significant growth in the healthcare vertical, where they’re classified as “business associates” to the healthcare providers, insurers, and clearinghouses that are collectively referred to as “covered entities.” (Note that subcontractors to business associates are also classified as business associates.)

Payment Card Assessments | Penetration Testing | PCI DSS v4.0

By: Schellman
September 12th, 2023

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to protect cardholder data. One of the key (and almost always applicable) requirements of PCI DSS is that organizations must perform internal and external penetration testing for the entire scoped environment—this not only applies to systems that store, process, or transmit cardholder data, but also those that can impact the security of cardholder data.

HITRUST | Healthcare Assessments

By: Kevin Keane
September 7th, 2023

In American history, the Westward Expansion is an important theme of our 19th century. What began with 13 colonies that fought for American independence eventually—after many years—grew to include more places that held more people and different opportunities.

SOC & Attestations | SOC 1

By: Molly Rudar
September 5th, 2023

Though the timeline of a completed report varies greatly based on numerous factors within your organization, a SOC 1 examination generally moves through the same three phases: planning and preparation, fieldwork, and reporting.

HIPAA | Healthcare Assessments

By: Schellman
August 31st, 2023

If you’ve ever owned a home in a neighborhood that has a homeowners association, you likely know that you have to pay those fees to avoid a lien being placed on your property, which could complicate your life in annoying ways. But on the flip side, paying those fees should mean you also reap the benefits like landscaping, community pool management, security, or maintenance.

Cybersecurity Assessments | Federal Assessments | NIST CSF

By: Kate Weber
August 29th, 2023

With the new SEC Cybersecurity Disclosure Rule requiring both the reporting of material cybersecurity events and the disclosure of cybersecurity programs for public companies, those affected are taking a closer look at cybersecurity frameworks that—while previously considered optional or “nice to have”—could help their organization meet the new regulatory requirements.