SchellmanCON is back! Join us for our virtual conference on March 6 & 7, 2025

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

Video

Stay up to date and discover new insights into compliance through our team’s thought leadership.

Schellman

Schellman is a leading provider of attestation and compliance services. We are the only company in the world that is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and most recently, an APEC Accountability Agent. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single third-party assessor.

Blog Feature

ESG

By: Schellman
December 18th, 2024

Hi, I'm Stu Block the Sustainability Practice Director here at Schellman. We provide our clients with sustainability services in three primary areas. 1. Sustainability Regulatory Reporting Readiness

Blog Feature

Cybersecurity Assessments | ISO Certifications | Artificial Intelligence

By: Schellman
December 12th, 2024

Looking back, 2024 was the year of AI governance. At Schellman, we dove in headfirst and became the first ANAB ISO 42001-accredited Certification Body. We also started to see AI regulation come online internationally with the EU AI Act, as well as here in the U.S., where certain states also published their own AI regulation. While we're still lacking federal-level legislation—which may still come in the future—we also anticipate that this state-by-state patchwork of AI laws will expand.

Blog Feature

ESG

By: Schellman
November 6th, 2024

Let's talk about GHG emissions and how they are reported according to the Greenhouse Gas Protocol by categorizing them into three scopes. Scope 1 GHG Emissions

Blog Feature

Payment Card Assessments

By: Schellman
October 23rd, 2024

Payment, script, security, controls. Did any of those make you feel warm and fuzzy? Probably not.

Blog Feature

ISO Certifications | Artificial Intelligence

By: Schellman
October 1st, 2024

As one of the largest cybersecurity assessment firms in the world, Schellman provides services like ISO, FedRAMP, SOC, and PCI. In parallel with the compliance and technology space that continues to evolve, we've adapted our ISO services, including acquiring dual accreditation from ANAB and UKAS to meet the ever-evolving needs of our clients.

Blog Feature

Cybersecurity Assessments | Compliance and Certification

By: Schellman
September 25th, 2024

(Schellman CEO) Avani Desai here. Let's talk about something that can make or break your business...DORA. Otherwise known as the Digital Operational Resilience Act, DORA is set to redefine how financial institutions and their critical third-party providers manage digital threats.

Blog Feature

Cybersecurity Assessments

By: Schellman
September 18th, 2024

If you’ve not yet heard, the NIS2 Directive—an increasingly critical cybersecurity regulation for organizations across the EU—is set to go into effect on October 17th. That means that Member States must adopt and publish the necessary cybersecurity measures by October 17, 2024, and apply them from October 18, 2024, onward—so, is your organization ready?

Blog Feature

Payment Card Assessments

By: Schellman
September 11th, 2024

Hi, I'm Matt Crane. I'm a leader in the payment security practice here at Schellman. We're often asked if we're able to do both PCI assessments and penetration testing for the same client. In this video, we'll explain how we're able to provide both and why it's not an independence issue. First and foremost, I want to cover what the PCI Council says about this. While they don't specifically state that it is or is not an independence issue, if you look at Requirement 11.4 of PCI DSS v4.0, it talks about penetration testing services methodologies. The two main criteria that you have to have as a penetration tester to meet that requirement are: You have organizational independence, which means that the individual performing the test cannot be ultimately responsible for securing that system. (It goes on to say that organizational independence doesn't mean it has to be an ASV or approved scanning vendor or even a QSA, but so long that that individual doesn't have control over the systems they're testing, it's fine. So, if you have an internal resource that's qualified, you can move forward with them.)

Blog Feature

Payment Card Assessments | SWIFT

By: Schellman
August 28th, 2024

You're undertaking a SWIFT independent assessment, but how should you prepare? What cybersecurity requirements will be assessed? In this video, we discuss the structure of the SWIFT customer security controls framework, how it applies to your SWIFT implementation, and what to look out for as you prepare to undertake your SWIFT independent assessment. Hi. I'm John Anderson, a SWIFT practice leader here at Schellman. I've been conducting and managing SWIFT assessments since 2020, using the contemporaneous version of the SWIFT Customer Security Controls Framework (CSCF), which is at the core of the SWIFT customer security program and outlines a comprehensive set of controls designed to safeguard the SWIFT network, which is made up of critical infrastructure for the facilitation of global financial communications.

Blog Feature

Payment Card Assessments

By: Schellman
July 31st, 2024

Does your organization use the SWIFT network with some or all of your IT services outsourced to a third party? Are you one of those third-party organizations engaged by a SWIFT user for the hosting, installation, operation, and/or maintenance of components involved in your customer's SWIFT implementation?

{