By: Collin Varner
July 16th, 2024
Ugh, it’s happened—during your SOC examination, your service auditor identified a deviation from your intended process, and that resulted in a testing exception. Given that your customers (and other stakeholders) are relying on your SOC report for reassurance regarding the effectiveness of your controls, you need to address that deviation—but how?
By: Schellman
July 11th, 2024
Amid growing concerns regarding climate change and corporate responsibility, sustainability reporting has become a valuable tool for businesses to demonstrate their commitment to identifying and managing non-financial risks. While still primarily voluntary in nature, sustainability reports provide additional transparency into a company’s non-financial risks and the measures it takes to build resilience into its business models and operations.
Federal Assessments | StateRAMP
By: Jon Coffelt
July 9th, 2024
For those wanting to learn more about GovRAMP, formerly known as StateRAMP, we’ve put together answers to some of the most frequently asked questions we receive as an experienced Third-Party Assessment Organization (3PAO).
ISO Certifications | ISO 27001
By: Emirhan Ozsoy
July 3rd, 2024
As such a comprehensive standard, ISO 27001 has been skyrocketing in popularity in recent years as a framework of choice for many organizations and their information security. But just as its holistic approach provides many advantages, there’s also a lot to consider and prepare for—as well as a lot of potential stumbling blocks.
By: Josh Tomkiel
June 27th, 2024
In our experience as cybersecurity experts and highly qualified penetration testers, there are typically three reasons why you may move forward with a penetration test and start looking around for a provider. Making that initial decision to move forward with an assessment like this is a big step, but what should you do after you make it?
By: Chris Smith
June 24th, 2024
As of June 2024, the European Union's Digital Operational Resilience Act (DORA) is set to become a pivotal piece of legislation impacting financial institutions and their Information and Communication Technology (ICT) service providers. Designed to improve the stability and security of the financial sector amidst increasing cyber threats, DORA mandates several rigorous standards that organizations under its purview will need to accommodate.
By: Schellman
June 20th, 2024
In the 2018 Marvel film Black Panther, genius inventor Princess Shuri quips that “just because something works does not mean it cannot be improved.” It’s a message the healthcare industry has taken to heart, as it has continuously searched for ways to improve the patient experience.