SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

SCOTT ZELKO

Scott Zelko is a Managing Director at Schellman. Scott leads the Northeast Practice and the ISO Certification service line including ISO 27001, ISO 9001, ISO 20000, and ISO 22301. He works with many of the world’s leading cloud computing, FinTech, and security provider clients. Scott has more than 30 years of experience in the information technology field including IT management, system implementations, attestation and other advisory services and holds multiple certifications in the areas of Security, Privacy and Enterprise Governance. In addition, Scott works with clients to develop unified compliance strategies to meet internal, regulatory and client requirements.

Blog Feature

Cybersecurity Assessments

By: SCOTT ZELKO
November 14th, 2023

When considering cybersecurity, many may first think of cutting-edge tech companies. Healthcare providers may spring to mind for others and government agencies for still others. But strong cybersecurity—if it’s not already—is becoming paramount in every sector, and if the recent attacks tell us anything, it’s now paramount for universities as well.

Blog Feature

SOC Examinations

By: SCOTT ZELKO
June 23rd, 2017

It may come as a bit of a surprise—maybe not—but there are actually two types of SOC reports. Upon examination, the service organization is responsible for specifying whether or not a “Type 1” or “Type 2” will be performed. It’s important to note the specific use of “Type” as a distinguisher--not “SOC 1” or “SOC 2,” as the different specified “types” are options for both the SOC 1 and SOC 2 reports. For those of you that are now thinking, “that’s confusing,” I agree 100% with you. In fact, “Type 2” and “SOC 2” are not at all the same thing, and the “type” of each SOC examination presents important differences for service organizations.

Blog Feature

ISO Certifications

By: SCOTT ZELKO
May 25th, 2017

As a holistic security standard that has become popular worldwide, ISO 27001 can help any organization seeking to prove their cybersecurity measures are sound while also providing a market differentiator among other gained advantages. But the comprehensive nature of the standard—and the heavy lift it requires—can also put off organizations considering it, especially those in sectors that have yet to really be affected, like law firms.

Blog Feature

Cybersecurity Assessments | Cloud Computing

By: SCOTT ZELKO
March 31st, 2016

Surprisingly, business leaders—not IT departments—are the driving force behind six out of 10 migrations to the cloud. These leaders are often bothered by the nagging question, “Is the cloud secure?” This question is usually followed by a series of debates about just how secure the cloud is.

Blog Feature

Compliance and Certification

By: SCOTT ZELKO
November 19th, 2015

Despite years of preparation and billions of dollars in spending, today’s businesses still aren’t prepared for cyber-attacks. Just turn on the evening news and you’ll be greeted with the name of the latest company to suffer an attack.

{