The Schellman Blog

Though all compliance frameworks require organizations to provide an inventory of in-scope systems for testing, oftentimes assessors will find these provided lists aren’t accurate. However, there are at least two big benefits to maintaining an accurate systems inventory—enhanced efficiency and better management.

For organizations seeking to build robust environmental, social, and governance (ESG) programs, the Carbon Disclosure Project (CDP) provides one such framework that can help with global disclosure of your environmental impact. Should you choose to adhere to this standard, you would need to be assessed, after which you would receive scores regarding your environmental stewardship.

Internal Audit (IA) and Governance, Risk, and Compliance (GRC) professionals are often charged with reading SOC reports from service providers to gain an understanding of each vendor’s controls, but many may not know how you can also use these reports to also enhance, mature, and drive their own audit and governance functions.

To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that compliance.

Inaugural Compliance and Risk Management Conference to Provide Insight from Leading Compliance, Cybersecurity Experts

Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetration test is not a red team assessment.

Generally, privacy impact assessments (PIAs) are defined as evaluation tools that help to better understand how information is gathered, used, maintained, and shared. It’s a formal analysis used to assess what privacy risks exist within the information processing activities that drive specific products and services.

A new landmark in corporate climate change legislation, California Senate Bill (SB) 253, the Climate Corporate Accountability Act, has just been passed in the California Senate, and—now that it's been signed into law by the governor—it will mandate that the applicable companies report their direct greenhouse gas emissions as well as those generated by their utilities.