By:
Ryan Mackie
August 16th, 2019
For those who were monitoring the wire, ISO/IEC 27001:2019 (ISO 27701) was released the week of August 5th. In draft form, it was previously labeled ISO/IEC 27552 (should you be wondering why that specific standard number has not been issued). You can obtain a copy of the published version here: https://www.iso.org/standard/71670.html.
By:
Schellman
July 15th, 2019
We are proud to announce that the HITRUST Alliance has appointed Schellman & Co. Principal Doug Kanney to the HITRUST CSF Assessor Council and Quality Subcommittee.
FedRAMP | Penetration Testing | Federal Assessments
By:
Kent Blackwell
July 8th, 2019
Though Amazon’s Relational Database Services (RDS) can make hosting a database much easier, using them can also present new challenges, including some that crop up when you’re trying to scan against security benchmarks or meet compliance initiatives.
By:
Avani Desai
June 4th, 2019
Even when the developments might’ve been considered fairly primitive by modern standards, technological progress has always been a definitive characteristic of humanity. Like any new tool, technology has infinite capacity to be used in all the wrong ways—in this, atomic and biological weapons come to mind. And even with better intentions, sometimes technological impact can still skew negatively, such as when society’s immense reliance on it harms our environment, health, or thought patterns.
By:
Bryan Harper
June 3rd, 2019
What is it? The EU Cybersecurity Act is the fruit of an initiative started by the European Parliament in 2017 with the goals of permanently establishing an agency to address cybersecurity threats, reducing the complexity for companies to comply with cybersecurity frameworks in each EU member state, and establishing a common cybersecurity certification framework. Formal adoption of the EU Cybersecurity Act occurred on March 27, 2019 and resulted in both the formation of the EU Cybersecurity Agency (formerly the ENISA) as a permanent agency and the establishment of a cybersecurity certification framework.
By:
Schellman
May 28th, 2019
Giant strides have been made in privacy rights and regulations in Europe and many parts of the globe ever since the General Data Protection Regulation (GDPR) became enforceable on May 25th, 2018. In a world with serious impediments to my privacy and yours, the GDPR, to varying degrees of success, has been slowly leveling the field in how personal data is treated; rest assured, it’s a lot more than the privacy e-mail updates you’ve been receiving and the website cookie banners you’ve been accepting. In layman’s terms, the GDPR mandates requirements for storing, processing, accessing, and protecting personal data. We’ve all heard it – failure to comply with the Regulation attracts staggering fines of up to 4% of annual global turnover of the prior financial year, or €20 million, whichever is higher. Despite the laundry list of concerns surrounding the Regulation, there has been reasonable progress since the enforcement date. Here are some notable observations since the inception of GDPR that you should know:
By:
Schellman
April 12th, 2019
Tampa, FL, April 3, 2019 - Schellman & Company, LLC (Schellman), a leading provider of attestation and compliance services, announced today that it has been officially certified as a Great Place to Work™. Great Place to Work is the global authority on workplace culture, employee experience and the leadership behaviors proven to deliver market-leading revenue and increased innovation.