Artificial Intelligence | ISO 42001
By:
Matthew Gierl
June 17th, 2026
ISO/IEC 42001:2023 is the first international standard for an Artificial Intelligence Management System (AIMS). Structured similarly to other ISO management system standards, like ISO 27001, with mandatory clauses 4 through 10 and an Annex A control set, it shares the same Plan-Do-Check-Act logic familiar to any management system practitioner.
By:
Matt Hungate
June 4th, 2026
This article was drafted based on a LinkedIn Live discussion between Schellman’s Matt Hungate (Managing Principal, Federal Practice) and Jacob Karp (VP of Strategic Sales). View their full conversation here.
Compliance and Certification | Privacy Assessments
By:
Emily Heintz
May 28th, 2026
The California Consumer Privacy Act (CCPA) has fundamentally reshaped how organizations approach data protection, but the recent cybersecurity audit regulation has added a new layer of complexity to compliance obligations. For many companies, this represents both a challenge and an opportunity to build a unified compliance strategy that addresses multiple regulations, standards, and frameworks simultaneously.
Artificial Intelligence | ISO 42001
By:
Danny Manimbo
May 19th, 2026
This article was drafted based on a LinkedIn Live discussion between Danny Manimbo (Managing Principal, Schellman) and Christian Hyatt (CEO & Co-Founder, risk3sixty). Watch their full session here. The regulatory landscape for AI is shifting rapidly amid evolving federal policies, an explosion of state-level legislation, and the emergence of industry-specific compliance requirements. Many organizations know they need AI governance but may face uncertainty about how to navigate the evolving landscape.
By:
Matt Hungate
May 18th, 2026
Schellman is the industry’s #1 FedRAMP Third Party Assessment Organization (3PAO) and has become the first to assess over 200 cloud service offerings on the FedRAMP Marketplace. Over more than a decade, we’ve accumulated a significant amount of firsthand experience and hard-earned insights into what it actually takes to achieve and maintain federal authorization.
Healthcare Assessments | HITRUST
By:
Michael Seegel
May 14th, 2026
On May 7, 2026, HITRUST announced the release of CSF version 11.8.0. The HITRUST Common Security Framework (CSF) has become a cornerstone compliance standard for organizations across healthcare, financial services, and other regulated industries. By consolidating requirements from multiple frameworks like HIPAA, HITECH, and ISO 27001, HITRUST CSF provides a unified, risk-based approach to security and compliance that many organizations have built their entire control environments around.
Privacy Assessments | ISO Certifications
By:
Kathryn Young
May 4th, 2026
Privacy is evolving as organizations now need to navigate expanding data protection laws, cross-border data transfers, and growing expectations from customers and regulators. Having a credible, internationally recognized framework to guide privacy practices is critical.
By:
Schellman
April 30th, 2026
The most experienced Third Party Assessment Organization in the federal cloud security market reaches a program milestone more than a decade in the making