Debbie Zaller

Debbie is Principal and co-owner at Schellman & Company, LLC. She began her career in 2000 while working at Arthur Andersen in their Technology Risk Assurance practice. Debbie now leads the Midwest Region along with the Privacy, SOC 2 and SOC 3 service lines and is also on the AICPA’s SOC Specialist Task Force. She is responsible for internal training, methodology creation, and quality reporting. Debbie was a past member of the Florida Institute of Certified Public Accountants’ Board of Governors and served on the Finance and Office Advisory Committee. She also served on the AICPA’s Advanced SOC for Service Organizations Certificate Task Force.

4:00

APEC Privacy Certification

Watch Video
3:32

Microsoft SSPA Program

Watch Video
5:07

The GDPR Turns Two

Watch Video
2:03

Positive Experiences From Quarantine

What good have you seen from this time?

Watch Episode
1:46

Helpful Tips During Isolation

Watch Episode
California Privacy Law: Its Impact on Businesses

A sweeping consumer privacy law went into effect in 2020 in the state of California but it seems many businesses are still not yet ready to comply.

Read Article
Locking up the 'internet of things'

A wide range of internet of things connected devices are now required to include reasonable and appropriate cybersecurity measures under a California law that went into effect Jan 1.

Read Article
Cross-Border Privacy System Gains Second U.S. Compliance Agent

(Article originally published on BloombergLaw.com)

Read Article
APEC announces new US accountability agent for CBPR certifications

The Asia-Pacific Economic Cooperation is set to boost the status of its Cross-Border Privacy Rules program in the U.S.

Read Article
8 Steps to Effective Multi-Cloud Cost Management

Strategic thinking and careful planning can help you squeeze the maximum value out of your multi-cloud environment. Here are eight tips to help you get started.

Read Article
SOC, Meet Cybersecurity

As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program

Read Article
What You Need to Know About Changes to the STAR Program

The CSA recently announced that the STAR Program will now allow a one-time, first-year only, Type 1 STAR Attestation report. What is a Type 1 versus Type 2 examination and what are the...

Read Article
Tell The World: "I've Completed My Audits!!"

Read Article
5 Simple Steps for Creating an Effective Change Management Program

Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in...

Read Article
How CISOs Can Work With Other Execs to Manage Information Security Risks

Unfortunately, 2015 saw some seriously impressive information security hacks, the likes of which included those at major companies and entities like VTech, T-Mobile, the FBI, and even Trump...

Read Article
Privacy Principle Undergoes an Overhaul.

The AICPA just released an updated version of TSP Section 100. The update amends TSP Section 100 and supersedes Appendix C of TSP Section 100A, which relates to the Generally Accepted Privacy...

Read Article
Tips for Creating a Security Whistleblower Strategy

When you hear the word “whistleblower,” do you think business traitor or Good Samaritan? In most company cultures, it tends to be the former, which is unfortunate because more often than not,...

Read Article
4 Tips for Minimizing Internal Fraud

Your company has internal security measures in place, and it has met many compliance requirements. But do these things mean your business is now immune to fraud? Probably not. Research shows that...

Read Article
3 Things CEOs Need to Know About Compliance

As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to future growth of your organization—lack of compliance. This can have several...

Read Article
Does PCI provide an Attestation of Compliance report?

The result of a compliant PCI DSS assessment is the generation of an Attestation of Compliance (AOC) as well as a Report on Compliance (RoC). The AOC is attesting to the organization’s compliance...

Read Article
Loading More...

Debbie Zaller

APEC Privacy Certification

Microsoft SSPA Program

The GDPR Turns Two

Positive Experiences From Quarantine

What good have you seen from this time?

Helpful Tips During Isolation

California Privacy Law: Its Impact on Businesses

A sweeping consumer privacy law went into effect in 2020 in the state of California but it seems many businesses are still not yet ready to comply.

Locking up the 'internet of things'

A wide range of internet of things connected devices are now required to include reasonable and appropriate cybersecurity measures under a California law that went into effect Jan 1.

Cross-Border Privacy System Gains Second U.S. Compliance Agent

(Article originally published on BloombergLaw.com)

APEC announces new US accountability agent for CBPR certifications

The Asia-Pacific Economic Cooperation is set to boost the status of its Cross-Border Privacy Rules program in the U.S.

8 Steps to Effective Multi-Cloud Cost Management

Strategic thinking and careful planning can help you squeeze the maximum value out of your multi-cloud environment. Here are eight tips to help you get started.

SOC, Meet Cybersecurity

As global cyberattacks become more common, organizations are fine tuning, or even implementing, a cybersecurity risk management program

What You Need to Know About Changes to the STAR Program

The CSA recently announced that the STAR Program will now allow a one-time, first-year only, Type 1 STAR Attestation report. What is a Type 1 versus Type 2 examination and what are the...

Tell The World: "I've Completed My Audits!!"

5 Simple Steps for Creating an Effective Change Management Program

Identifying changes that must be made is the easy part. Managing those changes successfully—not so simple! Organizations today need to be extraordinary at adapting to or influencing changes in...

How CISOs Can Work With Other Execs to Manage Information Security Risks

Unfortunately, 2015 saw some seriously impressive information security hacks, the likes of which included those at major companies and entities like VTech, T-Mobile, the FBI, and even Trump...

Privacy Principle Undergoes an Overhaul.

The AICPA just released an updated version of TSP Section 100. The update amends TSP Section 100 and supersedes Appendix C of TSP Section 100A, which relates to the Generally Accepted Privacy...

Tips for Creating a Security Whistleblower Strategy

When you hear the word “whistleblower,” do you think business traitor or Good Samaritan? In most company cultures, it tends to be the former, which is unfortunate because more often than not,...

4 Tips for Minimizing Internal Fraud

Your company has internal security measures in place, and it has met many compliance requirements. But do these things mean your business is now immune to fraud? Probably not. Research shows that...

3 Things CEOs Need to Know About Compliance

As CEO of your company, you’ve worked hard to grow the business and ensure success. But there can be a roadblock to future growth of your organization—lack of compliance. This can have several...

Does PCI provide an Attestation of Compliance report?

The result of a compliant PCI DSS assessment is the generation of an Attestation of Compliance (AOC) as well as a Report on Compliance (RoC). The AOC is attesting to the organization’s compliance...