The Schellman Blog

Amidst the evolving patchwork of data protection and privacy legislation in the United States, privacy remains a top priority for organizations. But protecting privacy also requires resources, and while not all organizations have that much to spare, it is possible to make do with only a small, dedicated team.

Trying to keep up with the rapidly emerging and evolving governance of AI? Struggling to figure out how to address customer misgivings about your AI systems?

As part of the fight against the effects of climate change, a global effort has been kickstarted to reduce the use and production of hydrofluorocarbons (HFCs) due to their high global warming potential (GWP). For their part in this HFC phasedown, the Environmental Protection Agency (EPA) is asking organizations to report their HFC allowance, and the deadline to do so is May 31, 2024.

If you’re considering undergoing a FedRAMP High Assessment, you must understand that this is the most rigorous baseline among the standard FedRAMP options, making it a daunting—if necessary—endeavor. What would likely help is knowing what’s coming in more detail so that you can better prepare.

Incident response has always been an important component of PCI DSS—in Requirement 12.10, the standard provides critical guidelines for the timeliness, preparedness, and continuous improvement of incident response management. That being said, new related requirements and clarifications have been introduced under v4.0 that add complexity and effort to the mandates from v3.2.1.

As the scrutiny on environmental impact grows, more and more organizations are looking for ways that can help them both satisfy emerging regulations and customer concerns regarding the sustainability of their practices. And while there are a few options that may suit, ISO 14001 represents one particularly advantageous avenue.

NOTE: This blog was originally published on 3/24/2024 and has been updated as of 8/1/2024 now that the EU AI Act has been published in the Official Journal of the European Union and “enter[s] into force” 20 days thereafter, or on August 1, 2024.

As technology continues to evolve and become more robust, organizations have realized they need expertise and to be proactive in identifying risks and implementing controls. But even as new solutions are introduced, the backbone of many compliance and cybersecurity initiatives—including SOX— remains an organization’s internal technology general controls (ITGCs).