In an increasingly complex world that’s more reliant on interconnected information systems, meeting the challenge to achieve compliance with security standards may take a backseat to your striving for sustainable growth. But in fact, compliance initiatives can play a bigger role in that growth than you might assume—you just have to maximize your return on that investment.

These days, with recent ransomware attacks disrupting healthcare providers and affecting millions of Americans, it’s become painfully clear that cybersecurity in this sector is no longer just an IT issue—it’s a patient safety issue, and the stakes are higher than ever. The proposed Health Infrastructure Security and Accountability Act of 2024 (HISAA), spearheaded by Senators Ron Wyden and Mark Warner, aims to address these vulnerabilities head-on.

You’ve got a system that needs to be tested, but you’re not really certain about which environment the testing should occur in. Or, maybe you’re feeling uneasy about testing within production. Many have been in your exact same shoes in the past -- below, we’ll help assist you in making this important decision.

As new cybersecurity legislation continues to roll out across the globe, Hong Kong is set to introduce its Protection of Critical Infrastructure Bill—the first of its kind for the region and a significant step in its efforts to strengthen its cyber resilience. Being such a milestone, it’s important that the critical infrastructure operators (CIOs) under the Bill’s purview understand its mandates regarding risk assessments, incident reporting, and preventative measures.

Though so much attention has been placed on secure coding to mitigate cyber threats to software, another emerging area of focus is the “software supply chain,” or the “software bill of materials” (SBOM). Why? Because software security doesn’t just depend on secure coding—the individual components of the software, or the SBOM—are equally critical.

ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI ) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.

Underscoring the firm's commitment to responsible AI, this accreditation enables Schellman to certify organizations against the first global AI standard of its kind