Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

Video

Stay up to date and discover new insights into compliance through our team’s thought leadership.

Douglas Barbin

As President and National Managing Principal, Doug Barbin is responsible for the strategy, development, growth, and delivery of Schellman’s global services portfolio. Since joining in 2009, his primary focus has been to expand the strong foundation in IT audit and assurance to make Schellman a market leading diversified cybersecurity and compliance services provider. He has developed many of Schellman's service offerings, served global clients, and now focuses on leading and supporting the service delivery professionals, practice leaders, and the business development teams. Doug brings more than 25 years’ experience in technology focused services having served as technology product management executive, mortgage firm CTO/COO, and fraud and computer forensic investigations leader. Doug holds dual-bachelor's degrees in Accounting and Administration of Justice from Penn State as well as an MBA from Pepperdine. He has also taken post graduate courses on Artificial Intelligence from MIT and maintains multiple CPA licenses and in addition to most of the major industry certifications including several he helped create.

Blog Feature

Cybersecurity Assessments

By: Douglas Barbin
February 9th, 2024

In this video, Doug Barbin, President and National Managing Principal at Schellman, and Anil Markose, Chief Strategy Officer at Abacode, discuss the theme of trust in the context of cybersecurity and compliance. Join Doug and Anil as they delve into the challenges posed by the current audit-based trust mechanism, particularly in a rapidly evolving IT landscape characterized by innovations like AI and DevOps.

Blog Feature

FedRAMP | Federal Assessments

By: Douglas Barbin
October 5th, 2022

You're a cloud service provider and you want to do work for the federal government. In order to do that though, you need to be FedRAMP authorized and you've been told by the government agency that you're trying to sell to that, you need to be FedRAMP authorized. In this short video, we're going to walk you through what the process is, what the journey is to get to the point where you have that authorization, you've been approved, and you can go and sell work to your federal agency customers.

Blog Feature

By: Douglas Barbin
August 30th, 2022

We get it: You didn't budget for a compliance assessment. You were trying to sell a deal to a customer who came back to you and said you needed a SOC 2 audit or an ISO certification. But when you're making a choice, what are the implications if you go with one firm versus another in particular if you go with a low-cost provider? I'm Doug Barbin, managing principal and chief growth officer at Schellman. We've been performing assessments for over 20 years of companies of all sizes, from start-up companies to the Fortune 50. You're a start-up company. You're active in the marketplace and you're selling to customers. And you get to that deal where this customer says, this looks great, it looks like a fit for me, but I need to see proof of your security program. I need a SOC 2 report. From there, what do you do? You go out, you research different types of firms. There are certainly firms that are larger at the higher end, such as the big four firms that have the brand names and the prestige and are very, very expensive. There are often smaller firms, too, that can do this at a much lower cost. What are the things that you need to think about, though, when you're going in the direction of a low-cost provider? In particular, we get that this was not budgeted. We get that this was something that you weren't planning to do. And from a certain degree, it's a checkbox that you need to achieve in order to sell to that customer. However, what does it really mean after that? A SOC 2 report is really a statement that your security program and your commitments to your customers are being met. And those commitments have been vetted by an independent third-party assessor like Schellman. And that's what we do.

Blog Feature

Federal Assessments | CMMC

By: Douglas Barbin
August 15th, 2022

So you are a defense contractor or maybe you are participating in a large defense contract. As a result, you may have heard that you need to comply with CMMC. Let's talk about what that is.

Blog Feature

FedRAMP | Federal Assessments

By: Douglas Barbin
August 4th, 2022

So you want to provide cloud services to the federal government? There's a process that you need to go through in order to get there, and that requires an authorization and an assessment, but it also requires an agency sponsor. Let's talk about what that actually means. I'm Doug Barbin, managing principal, and chief growth officer at Schellman. We've also had the privilege at Schellman of being one of the first third-party assessment organizations, or 3PAO, since the FedRAMP program's inception 10 years ago. What does this agency sponsorship mean? Fedramp is one of the unique types of third-party assessments that require interactions by the second party. In most cases, if you look at a SOC 2 report or an ISO 27001 certification, you can come to a body or a provider like Schellman, we can perform an assessment, we can issue you a report that you can share with your customers. In the case of FedRAMP, that's not enough. To get into the FedRAMP process, you have to have a sponsor, you have to have a means of entry into the federal government. Typically what that means is you have a government agency - could be a division of the Department of Defense as well, but you have a group within the government that is going to sponsor your entryway into FedRAMP. They want to do business with you, and so they're willing to be your sponsor in that FedRAMP process. Now, that is a requirement, unfortunately, and that can be a barrier for some companies that are looking to get into the market but don't have an existing relationship or an initial relationship that can be that sponsor. So what do you do to address that? There are a few avenues such as going through a FedRAMP ready assessment. There are other outreach programs. You can reach out to the FedRAMP PMO who can give you guidance on how to get there. But it is important to know: going into FedRAMP, it's not enough just to hire an assessment firm. As a matter of fact, you can't hire us to do the assessment unless you have someone, an agency or the joint authorization board that's willing to sponsor you through the process. Getting an agency sponsor is a critical first step in your FedRAMP path. Contact us today so that we can walk you through what the broader picture is from a journey on FedRAMP, from getting that agency sponsor to going through the assessment and ultimately getting your authorization.

{