Blog
-
How to Bridge From SOC 1 to SOC 2: Understanding the Relationship
Curious if your completed SOC 1 examination can help with a possible SOC 2? We give an overview of how to connect your work in these two audits and how to choose the right path for your SOC reports.
-
Are ITGCs Important?
Wondering about ITGCs? We detail what these information technology general controls are, the role they play within your organization, and how to maintain them.
-
How Can We Individually Impact Our Global Environment?
As part of the launch of our latest employee resource group, SchellmanECO, learn all the small ways individuals can help preserve the world we live in.
-
What is an External Network Penetration Test?
Penetration testing can mean a number of different things and approaches. We break down one specific kind of test that may suit your cybersecurity needs.
-
FedRAMP vs. StateRAMP
FedRAMP has become quite popular, but did you know you also have the option of StateRAMP? We draw comparisons between these 2 compliance initiatives so that you get a sense of which is best for you.
-
Schellman vs. Other Single-Provider Cybersecurity Services Firms
How does Schellman stack up against similar firms? To get you started on your comparisons, here's a high-level introduction to 3 organizations that can all handle a lot of your compliance needs.
-
Schellman Becomes Accredited Identity Credential Assessor for the Kantara Initiative
Schellman announces that it is now an accredited assessor under the Kantara Initiative.
-
Juneteenth: Why We Celebrate
SchellmanPRISM provides a history of Juneteenth as the 2022 commemoration approaches.
-
What’s in Scope for Your P2PE Solution Assessment
Scoping in compliance can be complicated. For those who provide P2PE solutions, we explain what will fall into scope for your assessment no matter how much of your solution you outsource.
-
What Does a Penetration Test Cost? Scope Factors That Matter
Wondering what a pen test costs? Your scope will play a huge part in price--we detail different kinds of pen tests and the scoping factors that will affect your final number.
-
When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO
Trying to get started with FedRAMP? To help you avoid confusion, we break down what kind of firm you need and when so that your cloud service offering gets compliant sooner.
-
What Is Schellman’s Penetration Test Project Process?
Do you need a penetration test of some sort? We detail, step-by-step, what the experience of such a process with Schellman would look like so you can better set expectations for your own pen test.
-
3 Questions to Ask Your Single-Provider Cybersecurity Firm
Considering consolidating all your audits under one provider? Here are 3 questions you should ask every firm you vet to ensure you have the best experience when giving someone all that responsibility.
-
Preparing for CMMC: Three Things You Can Do Right Now
Though CMMC is officially still on the way, there is plenty you can do right now to get ready. We break down 3 ways you can prepare starting now, using resources already available to you.
-
How Has Schellman’s Corporate Trip Evolved & Why Is It Important to the Firm?
Our annual retreat is always a big highlight of Schellman's year. A staple from our very beginning, learn about how the trip has evolved over time and what all it entails--including a ton of fun!
-
Why You Should Care About Pipedream – A Specialized Malware Threat
Pipedream has become a threat to industrial control systems. Learn why and how this malware can affect critical infrastructure as well as what you can do to protect yourself against it.
-
Do You Have to Remediate Audit Findings?
Did you have a finding turn up in your SOC audit? Learn about why remediation is important every time, when you should do that, and what you can do in the meantime should you need to delay.
-
Which SOC Method Should You Use? Carve-Out vs. Inclusive
Going through a SOC examination and not sure what to do about your subservice organizations? We break down the two options you have, as well as considerations to make before selecting a method.
-
Preparing for Web 3.0
Web 3.0 is coming—did you know? But what is Web 3.0? We explain that, along with what's holding up its adoption and how it will change our collective digital future.
-
Which Big 4 Firm Should Perform Your SOC Audit?
The Big 4 are usually everyone's first instinct when it comes to SOC reports. We break each firm down and provide questions you can ask them all as you search for the right compliance firm for you.