US DoD has been working to revise funding procurement procedures DFARS. Most important are regulations whic...
Most Recent Articles
If you have privacy obligations, a certification in ISO 27018 or ISO 27701 may suit your organization. We provide an overview of both, along with their strengths and differences to help you choose.
To help make scoping your HITRUST Assessment easier, we lay out 5 elements that will affect your final HITRUST scope and how you should factor them in.
Introducing HIPAA Express, a one-of-a-kind, risk-based assessment that can help healthcare providers and systems protect themselves from ransomware, breaches, and perhaps even OCR fines.
As the world moves towards the next iteration of the Internet Age, understand this shift to digital identity, how important it will become, & how some countries are already taking steps to protect it.
Schellman has now dedicated office space in Ohio to support our one-of-a-kind initiative for recent college graduates. Learn about the Emerging Talent Program and how it can jumpstart your career.
NIST SP 800-171 has recently been gaining traction given its relevance to the upcoming launch of CMMC. Learn how this publication fits in with federal frameworks and the requirements it lays out.
Invested in a web application penetration test? We detail what this specific test is, as well as 5 things you need to prepare so that you can streamline your experience as much as possible.
Low-cost audit firms appeal to budgets everywhere, but before you make your decision, we offer 5 things to consider because what you purchase at a low price might not necessarily mean low total cost.
Not sure if you're liable under HIPAA? Learn how a business associate is defined, as well as their roles and responsibilities in HIPAA compliance and how to avoid liability.
The APEC CBPR/PRP privacy framework is going global, and it could benefit your organization. We detail what these new certifications are, who's involved, and 5 ways they can advantage you.
ISO 9001 & 27001 address different aspects of business, but the way the standards align could provide a double advantage. Learn more about their commonalities & whether integration could benefit you.
Introducing Bhavna Dave, our new Chief People & Culture Officer, who will take charge of furthering Schellman's inclusive environment and ensure that we continue to prioritize our people.
Not sure where to begin with CMMC? It all starts with CUI—we explain how this type of data plays into your necessary level of CMMC compliance, including the type of assessment and what's in-scope.
Interested in HITRUST certification? Learn the details of the two different kinds of assessment and how each works so that you choose the right compliance route for you.
"SOC reports" are a staple in compliance, but there are so many different kinds. Learn about each of these specialized standards and their related reports to understand which may serve you best.
Schellman is one of many 3PAOs capable of helping organizations achieve FedRAMP ATO. As you search for the right firm for you, here are 3 things you need to know about us & our FedRAMP capabilities.
Anticipating the release of ISO/IEC 27001:2022? Learn about some key details regarding what your transition to the new version will require.
Now that the new guidance is out, understand what's changed and the 6 attack vectors that will factor into your next FedRAMP penetration test.
Want to reduce your workload during your PCI DSS process? You may have options with the Self-Assessment Questionnaire (SAQ) to do so—we explain how payment processing plays a role in scope reduction.
Confused about HIPAA audit logs and their retention? We break down where you can look for guidance, within the regulation and outside of it, while also providing best practices to maintain compliance.