Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Federal Assessments

By: Schellman
May 28th, 2024

Now that the deadline for the CISA Secure Software Development form is quickly approaching, organizations are working to ensure they get their attestation in order—that includes FedRAMP Cloud Service Providers (CSPs).

Blog Feature

Healthcare Assessments | HIPAA

By: Schellman
May 23rd, 2024

Perhaps believing they’re simply too small for the government to consider, some smaller healthcare providers will choose to either fly under the radar or hope that regulators of the Health Insurance Portability and Accountability Act (HIPAA) won’t notice their lack of correct processes and controls. However, this likely won’t work—in fact, over 55% of HIPAA fines in 2022 were levied against small practices.

Blog Feature

Payment Card Assessments | PCI DSS

By: Bill Soverns
May 21st, 2024

If you’re a newly hired CISO or Director for an organization that’s required to achieve and maintain PCI DSS, you may be wondering how and where you can get started so that you’re ready when it comes time for the assessment to begin.

Blog Feature

Cybersecurity Assessments

By: Phallyn Habercoss
May 16th, 2024

One of many different kinds of cyber attack, phishing involves a message—sent by email or otherwise—where a malicious actor purports to be reputable in some way to convince individuals to reveal personal information that the criminal can then exploit for gain.

Blog Feature

Federal Assessments

By: Douglas Barbin
May 14th, 2024

With the deadlines for the newly incorporated Cybersecurity Infrastructure and Security Agency (CISA) Secure Software Development Attestation Form looming, organizations supplying government-used software must get their ducks in a row to ensure compliance with these requirements.

Blog Feature

ISO Certifications

By: JORDAN HICKS
May 9th, 2024

When seeking ISO 9001 certification, part of that road to compliance will be aligning your required quality management system (QMS) with the key clauses (4-10) within the standard, each of which focuses on a specific facet of that management system—context, leadership, planning, support, operation, performance evaluation, and improvement.

Blog Feature

By: COLLIN VARNER
May 7th, 2024

When undergoing a System and Organization Controls (SOC) examination, the idea is to gain independent validation regarding the controls you’ve put in place to protect your and your clients' assets and provide reassurance of your trustworthiness to your stakeholders. Unfortunately, sometimes controls fail to meet their intended objectives and criteria, resulting in your SOC auditors explaining the issue in your formal report—that explanation is called a “qualification.”

Blog Feature

Federal Assessments | IRAP

By: Doug Stonier
May 2nd, 2024

In a rapidly transforming digital landscape, private organizations aren’t the only ones attempting to protect themselves from evolving cyber threats—governments are too. In the United States, FedRAMP and StateRAMP have risen to prominence as “gatekeeper” frameworks to doing work with those levels of American government, and on the opposite side of the globe, Australia has IRAP.

{