The Schellman Advantage Blog

Stay up to date with the latest compliance news from the Schellman Advantage blog.

FedRAMP | ISO 27001 / 27002

By: STUTAY MONGA
June 5th, 2017

Over the last few years, there has been a push to obtain cloud computing solutions at almost every turn.  A plethora of companies continue to provide cloud services to their existing clientele; however, much of the federal clientele remains untouched.  The Federal Risk and Authorization Management Program (FedRAMP) provides the ability for companies to follow a standardized approach in terms of security assessments, authorizations, and continuous monitoring of cloud products and services offered to the federal government.

ISO 27001 / 27002

By: SCOTT ZELKO
May 25th, 2017

When you think of a data breach, what comes to mind? It’s probably the image of a hacker stealing data from a large business or company that stores an abundance of customer data—like Target, for instance. Data breaches are expanding from companies and healthcare organizations and are also becoming a real concern for law firms.

ISO 27001 / 27002

By: JAY IMSZENNIK
March 3rd, 2017

The intent of achieving and maintaining compliance with ISO 27001 is for an organization to demonstrate its continuing ability to proactively assess its information security risk posture and manage that risk according to the organization’s risk appetite. The focus is truly on the governance and maintenance of the information security management system (ISMS).

ISO 27001 / 27002

By: RYAN MACKIE
October 18th, 2016

Introduction: ISO/IEC 27001:2015 (ISO 27001) certification is becoming more of a conversation in most major businesses in the United States. To provide some depth, there was a 20% increase in ISO 27001 certificates maintained globally (comparing the numbers from 2014 to 2015 as noted in the recent ISO survey). As for North America, there was a 78% growth rate in ISO 27001 certificates maintained, compared to those in North America in 2014. This is clear evidence that the compliance effort known as ISO 27001 is making its imprint on organizations in the United States. However, it’s just the beginning. Globally, there are 27,563 ISO 27001 certificates maintained, of which only 1,247 are maintained in the United States; that is 4.5% of all ISO 27001 certificates.

SOC | ISO 27001 / 27002

By: DANNY MANIMBO
September 6th, 2016

With the rising popularity of compliance efforts today driven by factors such as customer demands, regulatory requirements, and/or a company’s willingness to demonstrate its internal control environment to external parties, the question often arises as to which compliance undertaking is the most beneficial for organizations to undergo. Lately, we’ve noticed a large surge in both our SOC 2 and ISO 27001 service lines, but which is the better for your organization? To begin to tackle this question, it’s important to first get some background information on both SOC 2 and ISO 27001 to understand their differences, similarities, and how they could potentially complement each other.

News | ISO 27001 / 27002

By: Schellman
August 25th, 2016

TAMPA, FL – August 25, 2016 – Schellman & Company, LLC (Schellman), a leading provider of compliance services, has been awarded accreditation by the ANSI-ASQ National Accreditation Board (ANAB) for ISO/IEC 20000-1 certification services. The new accreditation adds to the existing ISO 9001 accreditation Schellman received from ANAB in December, as well as the ISO/IEC 27001 accreditation Schellman received from ANAB in 2011 and from the United Kingdom Accreditation Service (UKAS) in 2015.

ISO 27001 / 27002

By: STUTAY MONGA
August 1st, 2016

An internal audit process should be present within the organization, and is vital to the design and effectiveness of any information security program. The requirements of an internal audit can be found in Clause 9.2 of the ISO-27001 standard. The process and time constraints of an internal audit vary based on the size and structure of the company. Also, a greater sense of detail and effectiveness of an internal audit should be similar across all organizations. Initially, a plethora of clients believe that an internal audit is a simple walkthrough of organization-specific processes and applicable controls; however, the internal audit requires the organization to review the ISO-27001 framework and all in-scope Annex A controls based on the Statement of Applicability (SOA). As a result, the ISO-27001 internal audit happens to be more stringent and control-focused than many organizations believe it to be prior to beginning the audit.

ISO 27001 / 27002

By: RYAN MACKIE
July 18th, 2016

An ISO 27001 certification can help your business stand out. It lets your customers and potential customers know you care about and will protect their information. It can also help you streamline internal processes.