Healthcare Assessments | HIPAA
By:
Vinnie Minosky
April 8th, 2025
The HIPAA Security Rule was first introduced in 2003 as part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. A major update to the HIPAA Security Rule then occurred in 2013, as part of the Health Information Technology for Economic and Clinical Health (HITECH) Act. Although that was 12 years ago, and technology has changed significantly since then, it still stands as the most recent update.
Artificial Intelligence | ISO 42001
By:
Schellman
April 7th, 2025
As the adoption of artificial intelligence (AI) continues to grow and evolve across industries, so do concerns about security, trust, and responsible use and management. In response, as a joint effort between the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the ISO/IEC 42001:2023 framework was officially published in December 2023.
By:
Mike Somody
April 3rd, 2025
A critical component of the ISO 27001 framework is the internal audit defined in Clause 9.2. The internal audit is designed to evaluate the effectiveness and compliance of your Information Security Management System (ISMS).
Payment Card Assessments | PCI DSS
By:
Ken Van Allen
April 2nd, 2025
In our digital economy, online shopping has become second nature for consumers worldwide. Yet behind the seamless checkout experiences that we've come to expect lies a complex security challenge that merchants must navigate. With the rise of e-commerce payment processing comes the rise in threats from e-skimming attacks.
FedRAMP | Federal Assessments | StateRAMP
By:
Jon Coffelt
April 1st, 2025
Any Cloud Service Provider (CSP) who is familiar with FedRAMP likely knows that presenting an authorization package that includes a non-FedRAMP-authorized external service storing or processing federal metadata wouldn’t get you very far—it’s likely a showstopper. However, some may not realize that that’s not necessarily the case regarding StateRAMP.
Cybersecurity Assessments | FedRAMP | News | Federal Assessments
By:
Schellman
March 31st, 2025
TAMPA, Fla. – March 31, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is pleased to announce that Schellman has expanded its offerings to perform cleared assessments for its clients. As an accredited FedRAMP® Third Party Assessment Organization (3PAO), this enables Schellman to perform Department of Defense (DoD) Impact Level 6 (IL6) assessments as well as other NIST-based assessments, SOC 2 examinations, and penetration testing for DoD systems. This milestone strengthens Schellman’s position as a trusted assessment partner for government and defense-related environments.
By:
Schellman
March 26th, 2025
As more government agencies move sensitive data to the cloud, ensuring security and compliance is of paramount importance. As such, the FedRAMP (Federal Risk and Authorization Management Program) assessment and authorization process is a critical framework to ensure that cloud environments meet federal security standards.
By:
Austin Bentley
March 26th, 2025
Your IoT devices sit on your clients’ networks. They may even sit there for years without the ability to obtain software updates. Your clients may even expose these devices directly to the Internet with no network firewall in place. All the same, your clients still expect these devices to always be available and secure. Before deploying these devices, your team should consider an IoT/hardware penetration test. However, before you begin this process, let’s discuss the uniqueness of this style of engagement, followed by traps to look out for when selecting a provider.