Ask the Assessors - CMMC Edition! Join us Thursday, December 14th @ 1:00 PM (EST)

Services
Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
Industry Solutions
Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
About Us
About Us
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Subscribe to Weekly Updates

Blog Feature

SOC 2 | SOC & Attestations

By: Adam Russell
October 5th, 2023

Internal Audit (IA) and Governance, Risk, and Compliance (GRC) professionals are often charged with reading SOC reports from service providers to gain an understanding of each vendor’s controls, but many may not know how you can also use these reports to also enhance, mature, and drive their own audit and governance functions.

Blog Feature

FedRAMP | Federal Assessments

By: Andy Rogers
October 3rd, 2023

To become FedRAMP authorized, you must pass the initial, rigorous FedRAMP assessment. But in the following years, you’ll also need to complete Annual Assessments performed by a third-party assessment organization (3PAO) if you’re interested in maintaining that compliance.

Blog Feature

News

By: Schellman
October 2nd, 2023

Inaugural Compliance and Risk Management Conference to Provide Insight from Leading Compliance, Cybersecurity Experts

Blog Feature

Penetration Testing | Red Team Assessments

By: JOSH TOMKIEL
September 28th, 2023

Penetration testing and red team assessments are often conflated or confused—though they’re both advantageous cybersecurity solutions, there are distinct differences between them that any organization considering either should know. Just to be clear, a penetration test is not a red team assessment.

Blog Feature

Privacy Assessments | Privacy Impact Assessment

By: Kathryn Young
September 27th, 2023

Generally, privacy impact assessments (PIAs) are defined as evaluation tools that help to better understand how information is gathered, used, maintained, and shared. It’s a formal analysis used to assess what privacy risks exist within the information processing activities that drive specific products and services.

Blog Feature

ESG

By: Tom Andresen Gosselin
September 26th, 2023

A new landmark in corporate climate change legislation, California Senate Bill (SB) 253, the Climate Corporate Accountability Act, has just been passed in the California Senate, and—now that it's been signed into law by the governor—it will mandate that the applicable companies report their direct greenhouse gas emissions as well as those generated by their utilities.

Blog Feature

Payment Card Assessments | PCI DSS v4.0

By: MATT CRANE
September 21st, 2023

In June 2023, the Payment Card Industry Security Standards Council (PCI SSC) released a new worksheet entitled “Items Noted for Improvement” (INFI)—while the Council encourages use of this worksheet for assessments based on earlier versions of PCI DSS, organizations undergoing a PCI DSS v4.0 assessment are required to use it.

Blog Feature

HITRUST | Healthcare Assessments

By: RYAN MEEHAN
September 19th, 2023

Though considered somewhat abbreviated in comparison to HITRUST’s other certification options, the HITRUST e1 Certification still represents a potentially beneficial path, particularly for those organizations that have already established their compliance programs.