Contact Us

Services

Suite of Services

Schellman began as a SOC audit firm 20+ years ago. While we still issue more than 2,000 SOC reports each year, our clients’ trust has propelled our expansion. Today, we offer nearly 60 types of audits and assessments.

Download a PDF of All Services

Learning Center

About Us

About Us

Schellman is the only Top 50 CPA firm focused exclusively on IT Compliance and Cybersecurity, and we’re the #1 service provider for FedRAMP Assessments. Our industry-leading NPS scores, client retention, and employee retention mean our clients experience greater continuity and quality.

Schellman's 2025 People & Talent Report

2025 People & Talent Report

Certificate Directory

Services

Services

View All Services

SOC & Attestations

SOC & Attestations

SOC 1 / SSAE 18 Examination

SOC 2 Examination

SOC 3 Examination

SOC for Supply Chain

SOC for Cybersecurity

SOC Essentials for Early-Stage Companies

C5 Attestation

CSA STAR Programs

Payment Card Assessments

Payment Card Assessments

PCI DSS Validation

PCI SSF

PCI P2PE Validation

PCI PIN Assessments

PCI 3DS Compliance

ISO Certifications

ISO Certifications

ISO 27001

ISO 42001

ISO 27701

ISO 9001

ISO 22301

ISO 20000-1

ISO 14001

ISO 45001

ISO 50001

Privacy Assessments

Privacy Assessments

Global CBPR & PRP Certification

GDPR Assessment

International Privacy Assessments

US State Privacy Assessments

Microsoft SSPA/DPR Assessment

FERPA Assessment

EU Cloud Code of Conduct

Federal Assessments

Federal Assessments

FedRAMP®

CMMC / NIST SP 800-171

FISMA/NIST

ITAR

CJIS

IRAP

FTC Consent Decrees

DoD IL6

Healthcare Assessments

Healthcare Assessments

HITRUST Certification

HIPAA Compliance

HIPAA Express

EPCS-DEA Audits

Health Data Host (HDS) Certification

Penetration Testing

Penetration Testing

Application

Network

Mobile

Red Teaming

Social Engineering

Cloud

Physical

Hardware and IoT

Advanced Services

AI Red Teaming

Cybersecurity Assessments

Cybersecurity Assessments

Cloud Configuration Assessments

Ransomware Assessments

NIST Cybersecurity Framework Assessments

Schellman Software Security Assessment (S³A)

TISAX®

SWIFT Customer Security Programme

Internal Audit Co-Sourcing

MTCS Certification

ENS Certification

Crypto and Digital Trust

Crypto and Digital Trust

Schellman Training

Schellman Training

Sustainability Services

Sustainability Services

AI Services

Learning Center

About Us

About Us

Leadership Team

Leadership Team

Corporate Social Responsibility

Corporate Social Responsibility

Careers

Strategic Partnerships

Strategic Partnerships

Certificate Directory

The Schellman Blog

Blog Feature

Federal Assessments | CMMC

Prepare for CMMC: Three Things You Can Do Right Now

By: Schellman
June 7th, 2022

If you’ve never seen Man vs. Wild, it’s a television show featuring famed adventurer Bear Grylls who, in every episode, is stranded in mostly wild terrains with his film crew. His task is to get back to civilization successfully, and he showcases different survival skills during those journeys.

Blog Feature

FedRAMP | Federal Assessments

Finding Your FedRAMP Consultant: What to Ask and When

By: Andy Rogers
May 18th, 2022

In the classic 80s film, The Karate Kid, the legendary Mr. Miyagi trains Daniel LaRusso in the ways of karate. With his mastery and knowledge, Miyagi helps the kid mature and grow into a fighter of great technique and great success. It’s a given that Daniel would not have won the All Valley Tournament without the advice of Mr. Miyagi.

Blog Feature

FedRAMP | Federal Assessments

The Four Phases of the FedRAMP Ready Process

By: Matt Hungate
March 15th, 2022

Did you know? The historic Apollo 11 mission that put a man on the moon took eight days, three hours, 18 minutes, and 35 seconds.

Blog Feature

FedRAMP | Federal Assessments | Audit Readiness

The FedRAMP Readiness Assessment Report (RAR) Requirements for CSPs

By: Matt Hungate
March 3rd, 2022

The Federal Risk and Authorization Management Program (FedRAMP) is a U.S. government initiative that standardizes the security assessment and authorization process for cloud products and services used by federal agencies. Part of this process requires cloud service providers (CSPs) to complete a FedRAMP Readiness Assessment Report (RAR), which is used to determine whether they are prepared to undergo full FedRAMP authorization.

Blog Feature

Federal Assessments | NIST

Which of the NIST SP 800-Series Publications Should You Follow?

By: Schellman
February 23rd, 2022

When it comes to IKEA, we’d all probably agree that the Swedes make some great flat pack furniture that can either upgrade your space or just do in a pinch.

Blog Feature

FedRAMP | Federal Assessments | Audit Readiness

What Does it Mean to Be FedRAMP Ready?

By: Matt Hungate
February 15th, 2022

Authorization from FedRAMP allows Cloud Service Providers (CSPs) the lucrative prospect of providing services to the federal government community.

Blog Feature

Compliance and Certification | Federal Assessments | CMMC

CMMC 2.0 Scoping Insight: 2 Tips For Using PCI Context

By: Douglas Barbin
January 13th, 2022

The Belgian writer and painter Erik Pevernagie once said that “without a clear-cut vision and a proper reading of the roadmap we may not reach the buoyant shores of the horizon.”

Blog Feature

Cloud Computing | FedRAMP | Federal Assessments

How to Become FedRAMP Authorized: The 2 Approaches

By: Schellman
December 16th, 2021

If you’re a cloud service provider, you’re required to make it through the Federal Risk and Authorization Management Program (FedRAMP) in order to receive Authority to Operate (ATO) in the federal marketplace which allows you to provide your services and products for use by the federal government. There are two different avenues you can take to achieve ATO—through the Joint Authorization Board (JAB) or through an agency.

{

Previous All posts Next