The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Cybersecurity Assessments

By: Sully Perella
September 23rd, 2025

Though servers have typically been the norm among organizations since the inception of the computer, there’s been a slow transition through different architectures since then. Though going serverless has been the latest trend within the last decade, many still have plenty of questions regarding this potential option.

Healthcare Assessments | HDS Certification

By: Robert Tylka
September 22nd, 2025

Effective May 16, 2024, Version 2 of the Health Data Host (HDS) Referential went into force with a two-year transition period. This means if you are currently HDS certified, you’ll have to transition to the new version before May 16, 2026. This transition brings many positive changes, including a clarification of the applicable hosting activities, removal of distinction between physical hosting and IT managed services providers, removal of references to controls within the ISO 20000-1 and ISO 27018 standards, requirement for data localization within the European Economic Area (EEA), and more. However, we have noticed particular challenges that companies pursuing HDS certification tend to struggle with. In this article, we’ll break down those trends faced by organizations within the new HDS framework so that you can focus on those areas that may take more time for implementation or remediation in your own compliance journey.

Penetration Testing

By: Josh Tomkiel
September 17th, 2025

TL;DR Schellman’s core value of "quality above all" means understanding your business and comprehending why you need any given compliance service. In the case of penetration tests, it's not just about counting how many vulnerabilities we find. Good pen testing gives you risk ratings that fit your actual setup, shows we understand your specific business and technology, keeps communication clear throughout the project, and provides advice you can actually use. We focus on being your security partner and helping you understand real business risk instead of just checking compliance boxes.

Artificial Intelligence

By: Sully Perella
September 16th, 2025

The S&P study on Generative AI asserts that, “The percentage of companies abandoning the majority of their AI initiatives before they reach production has surged from 17% to 42% year over year, with organizations on average reporting that 46% of projects are scrapped between proof of concept and broad adoption.”

Cybersecurity Assessments

By: Ryan Mackie
September 15th, 2025

The EU Cyber Resilience Act (CRA) sets a new regulatory benchmark for product cybersecurity, impacting manufacturers, importers, and distributors worldwide. In this article, we’ll explain the Act’s scope, key requirements, and timeline to help your organization understand what’s changing and how to prepare with a readiness assessment.

Artificial Intelligence | ISO 42001

By: Mike Somody
September 8th, 2025

Organizations are under increasing pressure to secure and govern their AI systems responsibly. Fortunately, industry frameworks are stepping in to help, including the Cloud Security Alliance (CSA) Artificial Intelligence Controls Matrix (AICM), which maps to the ISO 42001 standard for AI management systems. Together, these frameworks provide a powerful roadmap for aligning AI governance with established security and compliance practices.

Penetration Testing

By: Mike Finkel
September 3rd, 2025

As a penetration tester, few things are more frustrating than firing up Burp Suite, configuring your proxy, and then watching Java applications completely ignore your interception attempts. While web browsers play nice with proxy certificates, Java applications seem determined to make your life difficult.

News | CMMC

By: Schellman
August 28th, 2025

TAMPA, Fla. – August 27, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce that Marci Womack, Managing Director in Schellman's Federal Practice overseeing the emerging Cybersecurity Maturity Model Certification (CMMC) assessment program, has been appointed to Cyber AB’s inaugural CMMC Third-Party Assessment Organizations (C3PAOs) Advisory Council.
