Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Learn More
866.254.0000
Contact Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
SOC 1 / SSAE 18 Examination
SOC 2 Examination
SOC 3 Examination
SOC for Supply Chain
SOC for Cybersecurity
C5 Attestation
CSA STAR Programs
Payment Card Assessments
Payment Card Assessments
PCI DSS Validation
PCI SSF
PCI P2PE Validation
PCI PIN Assessments
PCI 3DS Compliance
ISO Certifications
ISO Certifications
ISO 27001
ISO 42001
ISO 27701
ISO 9001
ISO 22301
ISO-20000-1
Privacy Assessments
Privacy Assessments
APEC Certification
GDPR Assessment
International Privacy Assessments
US State Privacy Assessments
Microsoft SSPA/DPR Assessment
Privacy Program Assessment
FERPA Assessment
EU Cloud Code of Conduct
Federal Assessments
Federal Assessments
FedRAMP®
CMMC / NIST SP 800-171
FISMA/NIST
ITAR
CJIS
IRAP
FTC Consent Decrees
Healthcare Assessments
Healthcare Assessments
HITRUST CSF Certification
HIPAA Compliance
HIPAA Express
EPCS-DEA Audits
Health Data Host (HDS) Certification
Penetration Testing
Penetration Testing
Application
Network
Mobile
Social Engineering
Cloud
Physical
Hardware and IoT
Advanced Series
Cybersecurity Assessments
Cybersecurity Assessments
Cloud Configuration Assessments
Ransomware Assessments
NIST Cybersecurity Framework Assessments
Schellman Software Security Assessment (S3A)
TISAX®
SWIFT Customer Security Programme
Internal Audit Co-Sourcing
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Learning Center
Our Technology
About Us
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships
ISO Certificate Directory
Contact Us

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

STEPHEN HALBROOK

Stephen Halbrook is a Managing Principal at Schellman. He is an experienced and proven federal practice leader performing service delivery management across service lines including FedRAMP, NIST, SOC, PCI DSS and ISO. Stephen also helps assist large and complex organizations that have multiple compliances needs helping them strategically align their efforts to maximize cost and efficiencies. He has more than 15 years of experience in the assessment industry and started his career working in Deloitte’s Advisory practice.

Blog Feature

FedRAMP | Federal Assessments

5 Common Pitfalls to Avoid During FedRAMP Authorization

By: STEPHEN HALBROOK
December 7th, 2022

You’ve heard of the Bermuda Triangle, right? It’s that mysterious region in North Atlantic Ocean where it’s said that more than 50 ships and 20 airplanes have disappeared without a trace. Fascinating and discomforting as that may be, the real trouble with the Triangle is that its boundaries are only loosely defined, which no doubt leads to uncertain pilots steering into a bad situation.

Read More
Blog Feature

Federal Assessments | NIST | CMMC

What is NIST SP 800-171?

By: STEPHEN HALBROOK
September 14th, 2022

Published by the National Institute of Standards and Technology (NIST), NIST SP 800-171 is a standard created to help organizations protect Controlled Unclassified Information (CUI) from unauthorized access or disclosure.

Read More
Blog Feature

Education | SchellmanLife

Help Carve a Career Path for Others

By: STEPHEN HALBROOK
December 26th, 2016

At some point in life, we all need advice and being a mentor is a meaningful way to provide it. Mentoring not only empowers others but also ourselves.

Read More
Blog Feature

SOC Examinations | Audit Readiness

Preparing Your Organization for a SOC 2 Examination

By: STEPHEN HALBROOK
December 5th, 2016

Here are five steps to help successfully prepare: 1. Validate the Nature of the Request. Does your client base understand the various SOC reporting options and what they are asking of your organization from a compliance reporting perspective? Is there a connection to internal controls over financial reporting (ICFR) of the services that you provide to your clients, or are you looking at general controls of a system that are relevant to security, availability, processing integrity, confidentiality, and/or privacy? SOC 1 can oftentimes be misused by the general public as a generic reference to third party examinations. There is misconception in the marketplace; help prevent it.

Read More
Blog Feature

Education

Professional Development Leads to Personal Growth

By: STEPHEN HALBROOK
September 8th, 2016

One of the most effective ways of approaching professional development is by using collaborative approaches. Or, as Eleanor Roosevelt once said, do one thing every day that scares you. I imagine that might be just as effective when it comes to professionally developing oneself and, as a result, personal skills with it. Here are three areas to consider dedicating attention to on the job if you desire to take personal development to new heights.

Read More
Blog Feature

SOC Examinations

SOC 2 Examinations: Prepare for Success

By: STEPHEN HALBROOK
August 14th, 2014

Is your organization ready for a SOC 2 examination? Here are five steps to help successfully prepare for one: 1. Validate the nature of the request. Does your client base understand the various SOC reporting options and what they are asking of your organization from a compliance reporting perspective? Is there a connection to internal controls over financial reporting (ICFR) of the services that you provide to your clients, or are you looking at general controls of a system that are relevant to security, availability processing integrity, confidentiality, and privacy? SOC 1 can oftentimes be misused by the general public as a generic reference to third party audits. There is misconception in the marketplace; help prevent it.

Read More
{

All posts

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Read delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.