Blog

TAMPA, Fla.--(BUSINESS WIRE)-- Schellman & Company, LLC, a leading provider of attestation and compliance services and top 50 CPA firm, is pleased to announce the carve-out acquisition of the Third-Party Risk Management (TPRM) practice from Connor Consulting. This deal marks another significant milestone in Schellman’s strategic growth through acquisitions and its dedication to delivering tailored, independent compliance and governance assessments.

Consider this—you’re going on an epic trip to Peru to see Machu Picchu. You have plans for incredible food, hikes, and photos, and then someone offers an extra ziplining excursion while you’re in the country. You’ve already paid so much for what will already be an amazing trip, so do you really need to make the extra investment?

TAMPA, Fla. – November 12, 2024 – Schellman Compliance, a leading provider of compliance services, is pleased to announce the successful acquisition of Sustas, LLC practice, a firm specializing in sustainability reporting services. As part of the transaction, Sustas’s clients and personnel will join Schellman, further strengthening the firm’s ability to deliver tailored, industry-leading sustainability compliance, consulting, and assurance solutions.

When the COVID-19 pandemic spread across the globe in 2020, the need for social distancing and isolation impacted the availability of in-person, non-emergency healthcare appointments. As a result, telehealth became a common way for healthcare providers to serve their patients without seeing them in-person, and with its rise came related HIPAA compliance concerns.

These days, with recent ransomware attacks disrupting healthcare providers and affecting millions of Americans, it’s become painfully clear that cybersecurity in this sector is no longer just an IT issue—it’s a patient safety issue, and the stakes are higher than ever. The proposed Health Infrastructure Security and Accountability Act of 2024 (HISAA), spearheaded by Senators Ron Wyden and Mark Warner, aims to address these vulnerabilities head-on.

ISO/IEC 42001:2023 is rapidly becoming the global standard for Artificial Intelligence (AI ) governance. While it is a close cousin of ISO/IEC 27001:2022, ISO 42001—rather than focusing primarily on cyber and information security—takes a more holistic approach to risk management for AI systems.

Within a few months of their latest update to their Data Protection Requirements (DPR) to address a coding incident (version 9.1), Microsoft released a draft or “pre-read” for their version 10 requirements that will be utilized for its Supplier Security and Privacy Assurance (SSPA) process as of the 2025 fiscal year. Arguably the largest update to the DPR since September 2018, v10’s new mandates address artificial intelligence (AI) and include important references to ISO 42001 that suppliers may want to take advantage of during their next compliance cycle.

Underscoring the firm's commitment to responsible AI, this accreditation enables Schellman to certify organizations against the first global AI standard of its kind