
The Schellman Blog

Stay up to date with the latest compliance news from the Schellman blog.

SOC Examinations

By: MATTHEW HITE
August 1st, 2016

The first question many service organizations have when they begin the process of researching Service Organization Control (SOC) reports is: which SOC report(s) do they need? The American Institute of Certified Public Accountants (AICPA) has designed three SOC reports to accommodate the needs of service organizations and it is important to understand the purpose and intended use of each report:

Education | SOC Examinations

By: DEBBIE ZALLER
June 17th, 2016

Unfortunately, 2015 saw some seriously impressive information security hacks, the likes of which included those at major companies and entities like VTech, T-Mobile, the FBI, and even Trump Hotels. The silver lining? At the very least, hacks involving large organizations such as these garner tons of media attention and headline time, which brings awareness to the growing urgency of greater information security. But security executives like CISOs and CIOs still struggle to see eye-to-eye with non-security executives on the matter.

ISO Certifications | SOC Examinations

By: RYAN MACKIE
April 21st, 2016

Have you ever wondered if the ISO 27001 certification is at all similar to a SOC 2 report? Many organizations today are dealing with multiple needs or demands for various compliance assessments or certifications. These organizations might wonder, “How can my ISO 27001 certification fit the needs for a SOC 2 report?” and vice versa. Below we have outlined the similarities and differences between an ISO 27001 certification and a SOC 2 examination.

SOC Examinations

By: RYAN MEEHAN
April 14th, 2016

During SOC 1 Type 2 examinations, which analyze both the design and operating effectiveness of your controls, deviations from the stated control process must be disclosed within the service auditor’s testing results, often referred to as testing “exceptions” or “deviations” as they are exceptions from the stated control activity. The identification of at least one testing exception is a common occurrence, whether it is due to an outage, failure to document a manual process, or a simple oversight. There are a few questions, however, that you can ask both your auditors and yourselves to help manage the exceptions.

SOC Examinations

By: DANNY MANIMBO
January 21st, 2016

Formerly known as Service Organization Controls (SOC) reports, what are now known as System and Organization Controls reports help companies establish trust and confidence in their services or products, including their delivery and business processes and their controls.

Healthcare Assessments | SOC Examinations

By: Schellman Compliance
December 8th, 2015

HITRUST, or the Health Insurance Trust Alliance, is a security organization and the creator of the Common Security Framework (CSF), "a certifiable framework that can be used by any and all organizations that create, access, store or exchange personal health, and financial information." Also, HITRUST developed a standard security report that addresses risk and compliance issues and helps compare security issues for an organization with others across the industry.

SOC Examinations

By: TERRY O'BRIEN
October 5th, 2015

When the Romans perfected aqueducts, those channels that transported fresh water from the source to established cities and towns became the backbone of those areas. Though the Romans were excellent civil engineers, the creation and implementation of aqueducts still required a lot of planning—projects could consist of different elements like pipes, tunnels, canals, and bridges, as well as combinations of these.

SOC Examinations

By: LAUREN EDMONDS
September 14th, 2015

Can I have disaster recovery controls within my SOC 1 test of controls matrix?
