Blog

  • How to Bridge From SOC 1 to SOC 2: Understanding the Relationship

    Curious if your completed SOC 1 examination can help with a possible SOC 2? We overview how to connect your work in these two audits & how to choose the right path for you regarding your SOC reports.
  • Are ITGCs Important?

    Wondering about ITGCs? We detail what these information technology general controls are, the role they play within your organization, and how to maintain them.
  • How Can We Individually Impact Our Global Environment?

    As part of the launch of our latest employee resource group, SchellmanECO, learn all the small ways individuals can help preserve the world we live in.
  • What is an External Network Penetration Test?

    Penetration testing can mean a number of different things and approaches. We break down one specific kind of test that may suit your cybersecurity needs.
  • FedRAMP vs. StateRAMP

    FedRAMP has become quite popular, but did you know you also have the option of StateRAMP? We draw comparisons between these 2 compliance initiatives so that you get a sense of which is best for you.
  • Schellman vs. Other Single-Provider Cybersecurity Services Firms

    How does Schellman stack up against similar firms? To get you started on your comparisons, here's a high-level introduction to 3 organizations that can all handle a lot of your compliance needs.
  • Schellman Becomes Accredited Identity Credential Assessor for the Kantara Initiative

    Schellman announces that it is now an accredited assessor under the Kantara Initiative.
  • Juneteenth: Why We Celebrate

    SchellmanPRISM provides a history of Juneteenth as the 2022 commemoration approaches.
  • What’s in Scope for Your P2PE Solution Assessment

    Scoping in compliance can be complicated. For those who provide P2PE solutions, we explain what will fall into scope for your assessment no matter how much of your solution you outsource.
  • What Does a Penetration Test Cost? Scope Factors That Matter

    Wondering what a pen test costs? Your scope will play a huge part in price--we detail different kinds of pen tests and the scoping factors that will affect your final number.
  • When to Engage a FedRAMP Consultant vs. When to Engage a 3PAO

    Trying to get started with FedRAMP? To help you avoid confusion, we break down what kind of firm you need and when so that your cloud service offering gets compliant sooner.
  • What Is Schellman’s Penetration Test Project Process?

    Do you need a penetration test of some sort? We detail, step-by-step, what the experience of such a process with Schellman would look like so you can better set expectations for your own pen test.
  • 3 Questions to Ask Your Single-Provider Cybersecurity Firm

    Considering consolidating all your audits under one provider? Here are 3 questions you should ask every firm you vet to ensure you have the best experience when giving someone all that responsibility.
  • Preparing for CMMC: Three Things You Can Do Right Now

    Though CMMC is officially still on the way, there is plenty you can do right now to get ready. We break down 3 ways you can prepare starting now, using resources already available to you.
  • How Has Schellman’s Corporate Trip Evolved & Why Is It Important to the Firm?

    Our annual retreat is always a big highlight of Schellman's year. A staple from our very beginning, learn about how the trip has evolved over time and what all it entails--including a ton of fun!
  • Why You Should Care About Pipedream – A Specialized Malware Threat

    Pipedream has become a threat to industrial control systems. Learn why and how this malware can affect critical infrastructure as well as what you can do to protect yourself against it.
  • Do You Have to Remediate Audit Findings?

    Did you have a finding turn up in your SOC audit? Learn about why remediation is important every time, when you should do that, and what you can do in the meantime should you need to delay.
  • Which SOC Method Should You Use? Carve-Out vs. Inclusive

    Going through a SOC examination and not sure what to do about your subservice organizations? We break down the two options you have, as well as considerations to make before selecting a method.
  • Preparing for Web 3.0

    Web 3.0 is coming—did you know? But what is Web 3.0? We explain that, along with what's holding up its adoption and how it will change our collective digital future.
  • Which Big 4 Firm Should Perform Your SOC Audit?

    The Big 4 are usually everyone's first instinct when it comes to SOC reports. We break each firm down and provide questions you can ask them all as you search for the right compliance firm for you.