Jeff Schiess is a Managing Director with Schellman. Jeff is focused on governance, risk and compliance (GRC) assessments, including performing System Organization Controls (SOC 1 and 2) reporting, Health Insurance Portability and Accountability Act (HIPAA), International Organization for Standardization (ISO) 27001, and NIST CSF. Jeff has worked with Fortune 1000 and publicly traded companies across a wide range of industries, including Software-as-a-Service providers, cybersecurity services, data center hosting providers, financial services, insurance claims processing, and information technology.
Cybersecurity Assessments | Federal Assessments
By:
Jeff Schiess
November 14th, 2024
In today’s ever-evolving cyber threat landscape, maintaining robust cybersecurity isn’t just a regulatory requirement—it’s a business imperative, and there are multiple avenues organizations can take to do so.
By:
Jeff Schiess
October 28th, 2024
While the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is technically just a set of guidelines, best practices, and standards intended to improve your infrastructure so that organizations can better manage and reduce cybersecurity risk, it’s possible to go through a five-step assessment process to make sure you really are adhering to those standards and provide independent assurance to your customers.
By:
Jeff Schiess
May 25th, 2023
Anyone who has ever chosen a workout program likely started with the same goal—to improve their physical health or strength. But in exercise, different people will choose to address different things—some may opt for a comprehensive workout like CrossFit, some may choose martial arts, and others may choose Olympic weightlifting. No matter what approach you choose, you’ll improve your well-being.
By:
Jeff Schiess
November 24th, 2014
Organizations take different approaches when it comes to documenting their policies and procedures. Some prioritize keeping them well-documented and easily accessible to employees at all times. Others may only recognize their importance when planning and preparing for an audit as they conduct an extensive review of their existing documentation to determine if they meet audit guideline requirements. Meanwhile, there are companies that overlook or neglect the need for formal policies and procedure documentation altogether.