Compliance During COVID-19

Compliance During COVID-19

As we have all discovered in recent weeks, the world can change quickly, both personally and professionally.  This is truly a new time for employees—children are home from school, there’s a distant tin of dogs barking in the background of Zoom meetings, and we are all feeling Bill Murray-esque (Groundhog’s Day)  in that the days are growing indistinguishable.  With that being said, compliance may feel like the last thing on your mind, but it is more important than ever.  The combination of employees working at home on company devices connected to unsecured home networks and an increased use of video conferencing software has triggered an increase in cyberattacks—especially in the government and healthcare sector—and so, it is critical that every organization’s systems are technically equipped and properly monitored for security, privacy, and industry best practices.  The IT paradigm has shifted, and the control environment must shift along with it, as data that was once controlled within the corporate network now risks being exposed in this fully mobilized model.  Now more than ever, company control frameworks, security programs, and associated technical controls must be evaluated and potentially adjusted.  Yes, despite the massive shift in professional routine prompted by the emergence of the COVID-19 pandemic, this time also represents a perfect opportunity to examine your organization’s control framework to determine whether risks associated with a fully mobilized workforce are being addressed.

One of these risks is related to the internet solidifying itself as the backbone of IT practically overnight due to the recent increased number of employees working from home. Regardless of its vital importance, however, the same problems remain but on a grander scale.  According to an article by the Hill, the FBI’s Internet Crime Complaint Center has seen a daily complaint increase of 200-300% in cybercrimes—a trend that can plausibly be linked to this increased employee and general internet traffic which has put everyone’s systems at a greater risk of being exploited now more than before COVID-19.  The numbers don’t lie, and even if compliance to information security guidelines was already a top priority before, it is now more critical than ever.

"Clearly, security risks and exposure have grown, despite the fact that normal life has paused."

Clearly, security risks and exposure have grown, despite the fact that normal life has paused.  Ensuring that your company complies with security standards now, at a time when everyone is more vulnerable, will provide a solid foundation and response to the new normal once regular work-life resumes—because it will eventually resume.  If initiative is taken now, a security assessment, vulnerability assessment, or general computer controls check will identify those risks that may not have presented prior to this situation.

Moreover, when the economy does rebound, companies will be looking for products and services, and when they do, as a potential provider, you do not want to be held back due to an expired or absent compliance examination—completing that now will alleviate that possible issue and prevent a major security event or security event from occurring.  Having your compliance examinations in place will also show your customers that even during an unprecedented time, your organization still regarded customer data security and privacy as a top priority.

"Extraordinary circumstances do not change the deep expertise and experience that Schellman can provide"

So how exactly can you make sure your company will be ready and compliant once life returns to normal?  By trusting your compliance examinations to Schellman & Company.  Extraordinary circumstances do not change the deep expertise and experience that Schellman can provide, as our employees average of 9.1 years of experience and 225 projects completed each.  Furthermore, Schellman’s proficiency extends to multiple compliance service lines, such as SOC, PCI DSS, FedRAMP, HITRUST, ISO, and our ability to conduct these examinations in a thorough manner remains the same even during this abnormal situation.  Yes, Schellman, like many other companies, has had to adapt to working completely remotely.  However, several of our services are already usually done at least partially remotely, such as Schellman’s FedRAMP service, as Principal Stephen Halbrook points out, and our teams were equipped to make the full transition easily in other areas. Leveraging our ability to effectively cover so much ground at once increases the efficiency of the examination process compared to an in-office examination or one done by several different firms, especially since we continue to expand our certification and examination capabilities during this time.  On April 15, Schellman announced having become one of the first certification bodies to receive accreditation to perform ISO 27701 assessments.

As an organization, Schellman’s expertise and commitment to our high-quality work is unwavering, whether normal operations can go forward or if adjustments must be made.  As we all look forward to the day that our current situation is in the past, lean on Schellman today to ensure you are ready to return to business as usual when normalcy makes its highly anticipated return.

About the Author

Eric Aulbach

Eric Aulbach is a Senior Associate with Schellman & Company, LLC based in Tampa, Florida. Prior to joining Schellman & Company, LLC in 2020, Eric worked as a IT Audit Associate, for a Big 4 firm specializing in SOC 1 and SOC 2 audits. Eric has several years of experience comprised of serving clients in various industries, including manufacturing, healthcare, and information technology. Eric is now focused primarily on HIPAA, HITRUST, ISO, and SOC attestations for organizations across various industries.

More Content by Eric Aulbach
Previous Article
What AAPI Heritage Month Means to Me
What AAPI Heritage Month Means to Me

For AAPI heritage month, Schellman's Anna Tseng recognizes Asian Americans as instrumental in driving the U...

Next Article
Port Scanning: Slow is Smooth and Smooth is Fast
Port Scanning: Slow is Smooth and Smooth is Fast

For any penetration testing engagement, internet-facing services are an important part, and there are multi...


First Name
Error - something went wrong!