The Schellman Blog

Though HITRUST released v11 of the HITRUST CSF back in January 2023, as of April 16, 2024, HITRUST released CSF v11.3. Standard practice is for HITRUST to update their CSF annually—at a minimum—and this v11.3 is a relatively minor revision with two main differences:

For any organization committed to robust cybersecurity hygiene, due diligence isn’t just for your interior systems, operations, facilities, and people—it also requires vetting your service relationships with suppliers to ensure they’re also secure. This is something Microsoft clearly understands, given their rigorous Supplier Security & Privacy Assurance (SSPA) Program they require. And for said suppliers participating in the SSPA Program, there are benefits to further extending your security compliance through HITRUST certification.

When many think of a “penetration test,” the first thing that may spring to mind is cybersecurity. But in fact, you do have the option to conduct a physical penetration test—or, a simulation of a physical attack on your premises.

TAMPA, Fla. – April 16, 2024 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is pleased to announce that the firm is now able to support Australia’s Infosec Registered Assessors Program (IRAP) assessments. This milestone marks a significant advancement in the firm’s global capabilities, enabling it to provide comprehensive cybersecurity evaluations tailored to the needs of organizations with an Australian presence.

In January 2024, the AI Governance Alliance—an arm of the World Economic Forum (WEF)— released a series of three papers covering several important artificial intelligence (AI) topics:

On February 23, 2024, ISO (along with the International Accreditation Federation (IAF)) published short amendments to all standards aligned with its Harmonized Structure. In the form of new requirement language and one additional note, ISO has now adapted climate change concerns as considerations for a wide range of popular certifications.

Amidst the evolving patchwork of data protection and privacy legislation in the United States, privacy remains a top priority for organizations. But protecting privacy also requires resources, and while not all organizations have that much to spare, it is possible to make do with only a small, dedicated team.

Trying to keep up with the rapidly emerging and evolving governance of AI? Struggling to figure out how to address customer misgivings about your AI systems?