SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

Blog Feature

SOC Examinations

By: Nate Kocan
December 17th, 2024

When committing to a SOC 2 examination—or any compliance initiative—one of the first questions that gets asked regards the necessary budget and time commitments. While this will vary among different organizations—depending on a few different factors—there’s also variance in the effort required to both prepare for that first examination and that spent on the ones in the following years.

Blog Feature

SOC Examinations

By: TERRY O'BRIEN
November 19th, 2024

When planning for a SOC examination, there are several decisions that the service organization undergoing the evaluation must make in order to ensure their needs—as well as those of their customers—are met, be it deciding which vendors are subservice organizations, treatment of subservice organizations (carve-out vs. inclusive), or which type of report you need. Another key decision you must make is determining your SOC reporting period, and there are a few factors to consider before you do so.

Blog Feature

ISO Certifications | SOC Examinations | Artificial Intelligence

By: DANNY MANIMBO
November 4th, 2024

For anyone immersed in digital technology, you know that artificial intelligence (AI) is all the rage right now, and for good reason, the use cases for this technology are growing all the time. But as AI continues to enmesh with daily life as well as business, security concerns have grown in parallel, as have questions regarding the implications on organizations and their ongoing compliance efforts. At the top of mind for many has been how AI factors into SOC 2 examinations.

Blog Feature

ISO Certifications | SOC Examinations | SOC 2 | ISO 27001

By: KRISTEN WILBUR
September 10th, 2024

As they’re now two of the most popular compliance initiatives in the world, many organizations often choose to pursue either SOC 2 or ISO 27001, and others are tackling both. In fact, there are strategic benefits to be gained in undergoing both a SOC 2 examination and achieving ISO 27001 certification, especially as you can do both at the same time.

Blog Feature

SOC Examinations

By: COLLIN VARNER
July 16th, 2024

Ugh, it’s happened—during your SOC examination, your service auditor identified a deviation from your intended process, and that resulted in a testing exception. Given that your customers (and other stakeholders) are relying on your SOC report for reassurance regarding the effectiveness of your controls, you need to address that deviation—but how?

Blog Feature

SOC Examinations | SOC 2

By: RYAN MACKIE
June 13th, 2024

As the need for SOC 2 examinations continues to grow domestically as well as internationally, many organizations now either find themselves taking on more and more assessments or trying to appease a client base that requires a SOC 2 examination when the typical product or platform approach may not apply. When these situations crop up, we are seeing more adoption of what’s known as an enterprise services SOC 2 examination.

Blog Feature

SOC Examinations

By: COLLIN VARNER
January 18th, 2024

When pursuing a SOC 2 examination, a popular first step for many organizations—particularly those just stepping into the world of compliance for the first time—is the SOC 2 readiness assessment. But for those first-timers who don’t know what to expect from such a process, it might help to have a primer.

Blog Feature

SOC Examinations

By: Adam Russell
October 5th, 2023

Internal Audit (IA) and Governance, Risk, and Compliance (GRC) professionals are often charged with reading SOC reports from service providers to gain an understanding of each vendor’s controls, but many may not know how you can also use these reports to also enhance, mature, and drive their own audit and governance functions.

{