By: Chris Smith
June 24th, 2024
As of June 2024, the European Union's Digital Operational Resilience Act (DORA) is set to become a pivotal piece of legislation impacting financial institutions and their Information and Communication Technology (ICT) service providers. Designed to improve the stability and security of the financial sector amidst increasing cyber threats, DORA mandates several rigorous standards that organizations under its purview will need to accommodate.
By: Schellman
June 20th, 2024
In the 2018 Marvel film Black Panther, genius inventor Princess Shuri quips that “just because something works does not mean it cannot be improved.” It’s a message the healthcare industry has taken to heart, as it has continuously searched for ways to improve the patient experience.
News | Compliance and Certification
By: Kevin Kish
June 18th, 2024
In the fast-paced world of business, trust and credibility are table stakes. You've likely invested in compliance certifications to demonstrate your commitment to industry standards. But are you prepared to meet the rising expectations of a new generation of stakeholders who demand more than just compliance?
By: Josh Tomkiel
June 16th, 2024
Picture this: you've signed up for a social engineering attack as part of your organization's penetration test, specifically an email-based phishing campaign. The penetration testing firm is asking you to allowlist their campaign through your mail filters and other technical controls. You have all those advanced protections in place - spam filters, web proxies, next-generation phishing protections - designed to protect your end users from phishing attacks. Yet, when it comes to assessing the very risk these controls are meant to mitigate, should you lower them for the tester specifically for the purpose of the test?
By: Ryan Mackie
June 13th, 2024
As the need for SOC 2 examinations continues to grow domestically as well as internationally, many organizations now either find themselves taking on more and more assessments or trying to appease a client base that requires a SOC 2 examination when the typical product or platform approach may not apply. When these situations crop up, we are seeing more adoption of what’s known as an enterprise services SOC 2 examination.
Payment Card Assessments | PCI DSS
By: Matt Crane
June 11th, 2024
As of June 11th, PCI DSS v4.0.1 was officially released. This update comes with several clarifications and adjustments to the previous version, ensuring more precise guidelines and addressing various implementation issues.
By: Nisha Ellis
June 6th, 2024
Given the international reputation of ISO standards, ISO 14001 certification represents a great option for organizations seeking to prove their commitment to sustainability. To achieve certification of your environmental management system (EMS), however, you must meet the framework’s holistic requirements regarding environmental issues.
ISO Certifications | Artificial Intelligence
By: Danny Manimbo
June 4th, 2024
As artificial intelligence (AI) technology continues to develop rapidly and affect several areas of our daily lives, concerns about its safety, privacy, and bias continue as well. As there's no stopping the ongoing integration of AI, organizations are now wondering what they can do to ease those concerns, and the answer is simple: start with protecting your data.