The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Cybersecurity Assessments

By: Ryan Buckner
December 19th, 2024

These days, every organization has a security program to protect itself from escalating attacks with growing sophistication. And while much of the focus centers on defending against outsider threats, an equally important component of any security effort is safeguarding against insider threats through effective employee awareness.

SOC Examinations

By: Nate Kocan
December 17th, 2024

When committing to a SOC 2 examination—or any compliance initiative—one of the first questions that gets asked regards the necessary budget and time commitments. While this will vary among different organizations—depending on a few different factors—there’s also variance between the effort required to prepare for that first examination and the effort spent on the ones in the following years.

Cybersecurity Assessments

By: Kristen Wilbur
December 16th, 2024

Having seen the introduction of the EU AI Act, ISO 42001 (which regards certifications of artificial intelligence management systems), and the Digital Operational Resilience Act (DORA), 2024 was a busy year for international compliance directives and standards.

FedRAMP | Penetration Testing | Red Team Assessments

By: Clint Mueller
December 16th, 2024

Since the beginning of 2024, FedRAMP Revision 5 has mandated that organizations not only perform traditional penetration tests, but also undergo comprehensive red team engagements. This new requirement reflects a broader emphasis on assessing not just technical vulnerabilities, but also the effectiveness of an organization’s overall security posture, including its response to sophisticated and realistic threats. Over the past year, we’ve conducted many red team exercises, each tailored to different organizational environments and threat landscapes. These engagements have varied significantly in scope and complexity, offering us a wealth of insights into both our successes and the challenges we’ve faced.

News

By: Schellman
December 11th, 2024

TAMPA, Fla.--(BUSINESS WIRE)-- Schellman & Company, LLC, a leading provider of attestation and compliance services and top 50 CPA firm, is pleased to announce the carve-out acquisition of the Third-Party Risk Management (TPRM) practice from Connor Consulting. This deal marks another significant milestone in Schellman’s strategic growth through acquisitions and its dedication to delivering tailored, independent compliance and governance assessments.

Payment Card Assessments

By: Salvatore Butera
December 10th, 2024

Across the current digital economy, more and more are going passwordless—with tech conglomerates like Apple, Microsoft, and Google leading the way, organizations are pivoting to other cybersecurity solutions to better secure information and simplify workflows. But replacing passwords with alternatives successfully also means accounting for extended related factors—including those that could impact your PCI DSS compliance.

ISO Certifications | Artificial Intelligence

By: Danny Manimbo
December 9th, 2024

Since the release of ISO 42001 in late December 2023, it’s been a year of discovery and education regarding this new flagship artificial intelligence (AI) standard in terms of determining its applicability, use case(s), and benefits to organizations. For those who have since determined ISO 42001 is the right framework for them, the next step has been to prepare for certification, and that involves more than a few steps.

Federal Assessments

By: Doug Stonier
December 6th, 2024

When deciding to take on a new compliance initiative, one question that often gets asked is whether or not work done for prior assessments can be leveraged to save time or money. For those who have pursued FedRAMP Authorization and now wish to go through IRAP—both frameworks that must be adhered to as a means to do business with two different governments—the good news is that your experience with FedRAMP will provide a solid foundation for IRAP.
