Chris Schellman

Chris Schellman is the CEO and Founder of Schellman & Company, LLC, which is an accredited CPA Firm, PCI QSA Company, ISO 27001 Registrar, FedRAMP 3PAO, and a HITRUST CSF Assessor. He began his career focusing on IT audits and SAS 70’s and has now contributed to nearly 2,000 SOC examinations.

The Silver Linings of COVID

Despite the challenges of the pandemic, I believe that there are also silver linings to be found for all of us.

Read Article
Microsoft Uses SOC 2 To Demonstrate CSA CCM Compliance

Via Data Center Knowledge SOC 2 reporting is still in its infancy stages. However, since its introduction in 2011, BrightLine has been engaged to perform hundreds of SOC 2 projects. That’s a lot....

Read Article
SOC 1: Why SSAE 16 is Still the King of the Hill

When the American Institute of Certified Public Accountants (AICPA) released its Service Organization Controls (SOC) reporting structure in the latter half of 2011, some believed that the new SOC...

Read Article
Who's on First in Service Organization Reporting?

Remember the famous Abbott and Costello bit from the 1930’s known as “Who’s on First?” That classic scene often comes to mind when I think of CPAs explaining all of the changes to the attestation...

Read Article
Updated - Open Issues with SSAE 16

[Created - 25 May 2010] [Last Updated - 19 August 2010] In this blog post, I intend to maintain a list of issues I note with SSAE 16. I post these issues hoping that they will not linger like so...

Read Article
5 Things You Should Already Know About SSAE 16

Last month, the AICPA issued a set of standards that CPAs who do assurance engagements at service companies should examine carefully.

Read Article
SSAE 16 - An Introduction

In 2001, an international effort began to “converge” the disparate accounting standards of the world in order to provide a framework that better meets the demands of globalization. The various...

Read Article
Audit Clauses in Cloud Computing Contracts

I read an excellent article today on law.com by Edward Pisacreta, a partner at Holland and Knight. The article discusses one of the least sexy, yet most important, components of cloud computing…...

Read Article
Loading More...

Chris Schellman

The Silver Linings of COVID

Despite the challenges of the pandemic, I believe that there are also silver linings to be found for all of us.

Microsoft Uses SOC 2 To Demonstrate CSA CCM Compliance

Via Data Center Knowledge SOC 2 reporting is still in its infancy stages. However, since its introduction in 2011, BrightLine has been engaged to perform hundreds of SOC 2 projects. That’s a lot....

SOC 1: Why SSAE 16 is Still the King of the Hill

When the American Institute of Certified Public Accountants (AICPA) released its Service Organization Controls (SOC) reporting structure in the latter half of 2011, some believed that the new SOC...

Who's on First in Service Organization Reporting?

Remember the famous Abbott and Costello bit from the 1930’s known as “Who’s on First?” That classic scene often comes to mind when I think of CPAs explaining all of the changes to the attestation...

Updated - Open Issues with SSAE 16

[Created - 25 May 2010] [Last Updated - 19 August 2010] In this blog post, I intend to maintain a list of issues I note with SSAE 16. I post these issues hoping that they will not linger like so...

5 Things You Should Already Know About SSAE 16

Last month, the AICPA issued a set of standards that CPAs who do assurance engagements at service companies should examine carefully.

SSAE 16 - An Introduction

In 2001, an international effort began to “converge” the disparate accounting standards of the world in order to provide a framework that better meets the demands of globalization. The various...

Audit Clauses in Cloud Computing Contracts

I read an excellent article today on law.com by Edward Pisacreta, a partner at Holland and Knight. The article discusses one of the least sexy, yet most important, components of cloud computing…...