The Schellman Blog

If you've received a report labeled "Red Team Assessment" and can’t help but notice it reads more like a penetration test report, you're not alone. We've seen this pattern repeatedly. Organizations invest in what they believe is a Red Team engagement, only to receive a penetration test with a different label. This deception can be more damaging than helpful as it is fundamental to your security posture that you understand the depth of assessment your organization actually received.

TAMPA, Fl. – November 19, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce that it has become the first US-based certification body accredited to deliver Singapore’s Multi-Tier Cloud Security (MTCS) certification services. With this milestone, Schellman joins an exclusive group of only seven accredited MTCS certification bodies worldwide.

ISO 27701 is a globally recognized standard for establishing a privacy information management system (PIMS), outlining the requirements and supporting controls that should be fulfilled and implemented. Compliance with ISO 27701 indicates that an organization has implemented a system to manage risks related to data privacy and the processing of personally identifiable information (PII).

Not only is artificial intelligence changing how businesses operate; it's also changing how cybercriminals attack. As organizations rush to adopt AI systems, they face new security risks that traditional defenses can't handle.

TAMPA, Fla. – October 28, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is proud to announce the appointment of Abhi S. Visuvasam as its new Chief Technology Officer. Visuvasam brings over three decades of experience leading enterprise architecture, software engineering, data engineering, platform modernization, and AI/ML initiatives for Fortune 500 companies and high-growth SaaS firms.

Many suppliers working with Microsoft are now required to complete the Microsoft Supplier Data Protection Requirements (MSDPR) Independent Assessment each year to maintain Supplier Security and Privacy Assurance (SSPA) compliance. In practice, we continue to see organizations misinformed about what’s actually required, which often leads to unnecessary costs, re-tests, or delays.

People interact with Artificial Intelligence (AI) in many ways, but most commonly through written prompts, which is the method that's also the most familiar avenue for basic prompt-hacking techniques. However, the real concern for organizations lies beyond these simple exploits, with sophisticated attacks targeting enterprise AI systems. In this article, we'll explain how an attacker can weaponize AI assistants to extract proprietary data, manipulate decision-making, and even infiltrate corporate networks.

FedRAMP 20x is progressing quickly, with phase 2 just around the corner. Designed to modernize and streamline the authorization process, FedRAMP 20x is reshaping how cloud service providers (CSPs) achieve and maintain authorization to operate (ATO) in the federal marketplace.