As technology continues to evolve and embed itself more into society, regulations to govern its use and protect consumers are struggling to keep up in parts of the world. But not so in the European Union (EU), where they’ve recently made progress on a wave of new cyber legislation—among those is the NIS 2 Directive.

This week marks the first anniversary of Schellman's Weekly Read—over the past year, we've sent a Friday email to subscribers containing links to our latest and greatest content. To mark the occasion—fifty-two straight weeks of thought leadership and compliance insight, we've put together the Schellman Weekly Read Top 5 Posts (as determined by most clicks).

Though society has, these days, moved firmly into the digital age where emails, texts, and the online world dominate both communication and cyber-attack vectors, it might not occur to people—or organizations—that some scams are still perpetuated over the phone in what’s called a vishing attack.

For those financial institutions involved in international transactions, compliance with the security requirements set forth by the Society for Worldwide Interbank Financial Telecommunication (SWIFT)—otherwise known as its Customer Security Programme (CSP), which aims to better secure the global financial community against cyber threats. One part of the Programme includes the SWIFT Customer Security Controls Framework (CSCF), which was updated in 2024 and now mandates controls around the protection of outsourced critical activity.

Ugh, it’s happened—during your SOC examination, your service auditor identified a deviation from your intended process, and that resulted in a testing exception. Given that your customers (and other stakeholders) are relying on your SOC report for reassurance regarding the effectiveness of your controls, you need to address that deviation—but how?

Among the growing concerns regarding climate change and corporate responsibility, sustainability reporting has become a valuable tool for businesses to demonstrate their commitment to identifying and managing non-financial risks. While still primarily voluntary in nature, sustainability reports provide additional transparency into a company’s non-financial risks and the measures they take to build resilience into business models and operations.

For those wanting to acquaint themselves with StateRAMP, we’ve put together answers to some of the most frequently asked questions we receive as an experienced Third-Party Assessment Organization (3PAO).

Ever been on the road with Google Maps or something similar handling your navigation? Whether you’ve driven the route from Point A to Point B before, or if this is your first time making your way, we’re grateful for the assistance and confirmation that we’re taking the right steps.