The Schellman Blog

ISO certifications in general have become popular tools used to demonstrate an organization’s compliance with certain standards. While ISO 27001 itself can give your customers quite a lot of reassurance, there’s also something to be said about combining it with ISO 9001 certification.

Cyber threats continue to escalate in both frequency and economic impact. Where earlier estimates from the U.S. Council of Economic Advisors placed the cost of malicious cyber activity to the U.S. economy between $57 billion and $109 billion in 2016, more recent data shows this threat has grown exponentially. In the U.S., these cyber threats are not a problem our government, and more specifically our military, can leave unchecked, particularly when it comes to the theft of valuable intellectual property and sensitive information from all industrial sectors. The potential backlash on our economic security and national security is too great, so action had to be taken. If you’re doing business in the Defense Industrial Base (DIB) sector, you will soon need to become CMMC certified. Within this newer program meant to protect information within the supply chain of the Department of Defense (DoD), there are three levels and their related assessments. If you’re wondering which level is right for you, don’t worry—in this article, we’ll explore the different levels of CMMC compliance you can achieve, but we won’t be able to do that without first addressing the critical importance of CUI. Then, you’ll understand how all these pieces fit together and have a better idea of which level is right for your organization and what to expect in the process.

TAMPA, FL: Tampa-based Schellman, a leading provider of attestation and compliance services, continues to emphasize its people and culture investment, now through the appointment of Bhavna Dave as the company’s new Chief People & Culture Officer.

Ernest Hemingway once said, “the best way to find out if you can trust somebody is to trust them.”

If you’re a cloud service provider (CSP) seeking FedRAMP Authority to Operate (ATO), you may be wondering if Schellman is the right compliance firm to partner with.

The below blog, originally dated January 26, 2023, has now been updated as the cited IAF MD 26 was updated on February 15, 2023. IAF MD 26 Issue 2 resulted in the following main changes that are now also detailed further within this article (ordered in terms of importance)

For the first time since 2017, the FedRAMP Project Management Office (PMO) has updated the Penetration Testing Guidance document.

Picture this: you’re a child getting ready to head to the beach. Your parents grab your swimsuit, sand bucket, towel, flippy floppies, sunscreen, water, and snacks, and you’re all out the door. For you, it’s been a fairly simple operation to have some fun.