The Schellman Blog

Comprised of both the PCI Secure Software Lifecycle (Secure SLC) Standard and PCI Secure Software Standard, the PCI Software Security Framework (SSF) is intended to help secure the design, development, and maintenance of software in payment environments. And while secure coding can be difficult, taking a conceptual approach to software development may make it—and PCI SSF compliance—a little easier.

If you’re in healthcare, you likely already know that maintaining HIPAA compliance requires a very thorough risk assessment. What you may not know is that HIPAA risk assessments are also an aspect of the law that is too often overlooked.

President Biden has issued a groundbreaking Executive Order to steer America toward leadership in harnessing the potential of artificial intelligence (AI) while managing its associated risks.

The Cybersecurity Maturity Model Certification (CMMC) is a framework that aims to better secure federal contract information (FCI) and controlled unclassified information (CUI) that is stored, processed, or transmitted by defense contractors and the entire defense industrial base (DIB). American defense data is incredibly valuable, and that includes highly sensitive personnel records and technical data. As such, the DIB continues to be a prime target for exploitation, and because a leak of such information could endanger the lives of government personnel and service members—not to mention the risk of billions of financial losses. Now, with the enactment of 32 CFR and 48 CFR, the Department of War (DoW) has established the legal basis of CMMC. As a premier CMMC third-party assessor organization (C3PAO) among the first authorized, we’re going to provide a complete introductory overview of this newer certification, including insight into what it constitutes, who will need CMMC, the requirements, and how to get certified so that as we approach the phased enforcement dates, you’ll be able to proceed with confidence.

Navigating the world of carbon assurance and greenhouse gas (GHG) inventories can be a complex task for any organization. However, with the guidance and expertise provided by Schellman, a trusted leader in assurance and auditing, preparing for a smooth GHG assurance becomes a manageable and essential endeavor.

In our rapidly evolving world, climate change has become an undeniable reality that affects every corner of the globe. As humanity grapples with the consequences of its actions, the responsibility to halt and reverse climate change rests on our shoulders. Businesses, spanning all sectors, are stepping up to the plate, recognizing the urgent need to measure their carbon footprints.

When a software production company requests a security assessment of its Continuous Integration (CI) and Continuous Delivery (CD) pipeline, they usually want an evaluation of the strength of its existing security measures and identification of potential security risks associated with the different components involved in storing, updating, building, and deploying their application.

Unlike Scope 1 and Scope 2 emissions—which are the direct and purchased energy emissions of a corporation, respectively—Scope 3 emissions are indirect emissions generated from activities of assets not owned or controlled by the reporting organization.