Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

Cybersecurity Assessments | Payment Card Assessments | Compliance and Certification | Privacy Assessments | Federal Assessments | Crypto and Digital Trust | ISO Certifications | Healthcare Assessments | SOC Examinations

By: Christian Underkoffler
April 30th, 2025

In today’s complex and constantly evolving regulatory environment, businesses face an ever-growing array of compliance requirements across multiple frameworks ranging from FedRAMP, PCI, ISO, GDPR, and HIPAA, to name a few. Navigating these compliance waters is increasingly challenging, particularly with regards to cybersecurity and data protection. However, there are measures you can take to significantly refine your compliance processes. In this article, we will explore how streamlining all of your compliance efforts with a single trusted provider can not only simplify your processes but also enhance your overall security posture.

Blog Feature

Cybersecurity Assessments | Cloud Computing | SOC Examinations | SOC 2

By: Nate Kocan
April 29th, 2025

As cloud services continue to expand globally, service providers are increasingly expected to demonstrate compliance with a variety of frameworks depending on where their customers operate. Two commonly requested assurance reports include the American Institute of Certified Public Accountants (AICPA) SOC 2 attestation report and the German Federal Office for Information Security (Bundesmat fur Sicherheit in der Informationstechnik, or “BSI”) Cloud Computing Compliance Criteria Catalogue (C5) attestation report.

Blog Feature

Cybersecurity Assessments | Audit Readiness

By: Natasha Camacho
April 17th, 2025

In cybersecurity, identifying and assessing vulnerable services is essential for effectively protecting an organization’s security stance. Two crucial elements that influence service security are protocols and ports.

Blog Feature

Cybersecurity Assessments | FedRAMP | News | Federal Assessments

By: Schellman
March 31st, 2025

TAMPA, Fla. – March 31, 2025 – Schellman, a leading provider of attestation and compliance services and a top 50 CPA firm, is pleased to announce that Schellman has expanded its offerings to perform cleared assessments for its clients. As an accredited FedRAMP® Third Party Assessment Organization (3PAO), this enables Schellman to perform Department of Defense (DoD) Impact Level 6 (IL6) assessments as well as other NIST-based assessments, SOC 2 examinations, and penetration testing for DoD systems. This milestone strengthens Schellman’s position as a trusted assessment partner for government and defense-related environments.

Blog Feature

Cybersecurity Assessments | TPRM

By: Tu Nguyen
February 26th, 2025

If you’ve seen the news lately, you know that breaches stemming from third-party vendors are on the rise, and it seems no organization is truly safe. Whether you’re still actively contracted with a third party or have ceased providing services, recent incidents prove you’re still at risk, making effective third-party risk management (TPRM) a must to avoid what could be disastrous consequences.

Blog Feature

Cybersecurity Assessments | TPRM

By: Sara Mylin
January 16th, 2025

These days, it’s not enough to simply secure your organization—you’ve to ensure your vendors are secure as well. More and more, bad actors aren’t stopping at the first line of infiltration—they’re using the access obtained to penetrate through to affect their victim’s supply chain, making it incredibly important for organizations everywhere to maintain effective and comprehensive third-party risk management (TPRM), something that can be elevated by way of an external assessment.

Blog Feature

Cybersecurity Assessments

By: Ryan Buckner
December 19th, 2024

These days, every organization has a security program to protect themselves from escalating attacks with growing sophistication. And while much of the focus centers on defending against outsider threats, an equally important component of any security effort is safeguarding against insider threats through effective employee awareness.

Blog Feature

Cybersecurity Assessments

By: KRISTEN WILBUR
December 16th, 2024

Having seen the introduction of the EU AI Act, ISO 42001 (which regards certifications of artificial intelligence management systems), and the Digital Operational Resilience Act (DORA), 2024 was a busy year for international compliance directives and standards.

{