Chris Smith from Schellman & Company, LLC Selected to Attend AICPA’s 2021 Leadership Academy Tampa, FL – August 3, 2021 – Schellman & Company, LLC, a leading provider of attestation and compliance services, is proud to announce that Chris Smith, CPA, CISSP, CISA, CIPP/US, ISO 27001 LA is one of only 30 CPAs to be honored by the American Institute of CPAs (AICPA) with a place as part of the Leadership Academy’s 13th graduating class. Chris was selected based on his exceptional leadership skills and professional experience for the four-day Leadership Academy program, which will take place virtually October 25-28, 2021.

We are proud to announce that the HITRUST Alliance has appointed Schellman & Co. Principal Doug Kanney to the HITRUST CSF Assessor Council and Quality Subcommittee. Below is the official press release announcing the latest HITRUST CSF Assessor Council members (https://hitrustalliance.net/councils/):

Tampa, FL, April 3, 2019 - Schellman & Company, LLC (Schellman), a leading provider of attestation and compliance services, announced today that it has been officially certified as a Great Place to Work™. Great Place to Work is the global authority on workplace culture, employee experience and the leadership behaviors proven to deliver market-leading revenue and increased innovation.

If your organization is a current or aspiring Microsoft vendor, you’re probably familiar with the Microsoft Supplier Security and Privacy Assurance Program (SSPA) program (previously called the Vendor Privacy Assurance Program). Vendors providing services with a high business impact may be required to provide a letter of attestation from a qualified independent assessor such as Schellman. You might be wondering what this requirement means for your business and what to expect during the attestation process.

The fight against cyber threats is one that requires much more preparation than it may have in the past. Today, threats and attacks are disrupting business operations and unnerving boards of directors, managers, customers, investors, and other stakeholders in organizations of all sizes, both public and private. The first rule in a fight is to protect yourself at all times, and the AICPA's SOC for Cybersecurity reporting framework can help.

What keeps security professionals up at night isn’t the idea of outsider threats attacking their companies—it’s their employees. Nearly 61 percent of security leaders surveyed said their biggest issue is worrying about negligent or malicious employees, which they claim are responsible for over half of their organization’s data breaches or security incidents.

Determining the scope of an assessment against the HITRUST Common Security Framework (CSF) is one of the first and most important tasks of the entire HITRUST assessment process. The assessment scope is a major factor in the level of effort required to complete an assessment, and is important to relying entities in determining if the services they use are assessed against the HITRUST CSF. However, for organizations with large or complex IT environments, the task of determining the scope of their HITRUST assessment(s) may seem daunting.

HITRUST Basics The HITRUST set of security controls and safeguards (referred to as the ‘CSF’ or ‘Common Security Framework’) was developed using a risk-based approach to address the multitude of security, privacy, and regulatory challenges facing healthcare organizations. It includes control points derived from the HIPAA, HITECH, NIST, ISO, PCI, FTC, COBIT frameworks, as well as federal and state privacy laws.