The Schellman Blog

As interest in ISO 42001 certification has surged over the past year, we've heard a steady stream of questions from organizations seeking to build their AI governance strategy and operationalize their Artificial Intelligence Management Systems (AIMS) responsibly. From understanding practical preparation steps to what to expect during the audit, many teams are looking for clearer guidance as they navigate this newer management system standard.

As organizations expand their digital footprints and adopt AI at scale, global privacy expectations are rising worldwide. At the same time, cyber threats are growing more sophisticated, further driving the need for more advanced, resilient privacy programs to meet both regulatory and security demands.

The California Air Resources Board (CARB) continues to progress its climate disclosure laws, but the path forward remains unclear. Despite statutory deadlines that have been on the books since 2023, CARB has repeatedly shifted its own rulemaking timeline while still expecting companies to meet firm compliance dates.

Organizations that rely on Germany’s Cloud Computing Compliance Criteria Catalogue (C5) can expect meaningful changes on the horizon. The public comment period for C5:2025 formally closed in September 2025, and we anticipate that the finalized version of the refreshed framework will be released sometime in 2026.

As artificial intelligence becomes increasingly embedded in core business operations and customer-facing product offerings, organizations are under growing pressure to ensure their AI systems are safe, ethical, transparent, and well-governed. ISO 42001, the world’s first international standard for AI management systems, provides the structure needed to build trustworthy AI and demonstrate responsible governance to customers, regulators, and partners.

If you've received a report labeled "Red Team Assessment" and can’t help but notice it reads more like a penetration test report, you're not alone. We've seen this pattern repeatedly. Organizations invest in what they believe is a Red Team engagement, only to receive a penetration test with a different label. This deception can be more damaging than helpful as it is fundamental to your security posture that you understand the depth of assessment your organization actually received.

TAMPA, Fl. – November 19, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce that it has become the first US-based certification body accredited to deliver Singapore’s Multi-Tier Cloud Security (MTCS) certification services. With this milestone, Schellman joins an exclusive group of only seven accredited MTCS certification bodies worldwide.

ISO 27701 is a globally recognized standard for establishing a privacy information management system (PIMS), outlining the requirements and supporting controls that should be fulfilled and implemented. Compliance with ISO 27701 indicates that an organization has implemented a system to manage risks related to data privacy and the processing of personally identifiable information (PII).