Schellman is a leading provider of attestation and compliance services. We are the only company in the world that is a CPA firm, a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, a FedRAMP 3PAO, and most recently, an APEC Accountability Agent. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single third-party assessor.
Payment Card Assessments | PCI DSS
By:
Schellman
July 17th, 2024
Hi, I'm Matt Crane. I'm a leader in the Payment Security Practice, and today we're going to tackle what exactly cardholder data is because the PCI Council has introduced a new term in PCI DSS v4.0. But first, let's talk about PCI DSS v3.2.1, because--similar to the dinosaurs on my shirt in this video--some of the terminology in v3.2.1 is now extinct, as this version was officially retired on March 31, 2024.
Payment Card Assessments | SWIFT
By:
Schellman
May 8th, 2024
With the December 31st attestation submission date for annual SWIFT Independent Assessments looming closer, it's crucial to ensure readiness, and a big part of that is choosing your assessor.
By:
Schellman
April 17th, 2024
Recently, we've had a surge in inquiries surrounding SWIFT, and so in this video, Schellman's Matt Crane will take a closer look at what a SWIFT Customer Security Independent Assessment entails.
What is the SWIFT Customer Security Program (CSP)?
The Society for Worldwide Interbank Financial Telecommunications, or SWIFT, serves as a member-owned cooperative that facilitates the exchange of financial messages between entities. Organizations utilizing SWIFT gain access to its network and associated software, thereby creating a cybersecurity risk to both the network and application ecosystem. In response to those growing cybersecurity concerns, SWIFT introduced the Customer Security Program (CSP) in May 2016. As an international standard that aims to mitigate cyber threats and safeguard the integrity, availability, and confidentiality of the global financial system, the CSP's framework of policies, standards, and guidelines is designed to bolster cyber defenses, detect and prevent fraud, and enable threat information sharing among users.
Understanding Independent Assessment
Central to the CSP is the requirement for SWIFT users and providers to undergo regular independent assessments to validate their compliance with the applicable cybersecurity framework. These assessments, mandated annually since 2021, ensure that organizations adhere to the Customer Security Controls Framework, which outlines mandatory and advisory security controls intended to enhance the security of financial messaging services.
The Role of Assessors
Assessments must be conducted by external independent assessors—like Schellman or others listed on the CSP Assessment Provider list on SWIFT.com—or internal independent assessors. These assessors deliver comprehensive reports that include executive summaries, controls assessments, and completion letters, outlining your organization's compliance status with the CSP.
Moving Forward Now Instead of Later
The SWIFT Customer Security Independent Assessment plays a pivotal role in safeguarding the integrity of financial transactions in today's interconnected world. If you're a SWIFT user, you must recognize the significance of annual assessments and prioritize compliance with the CSP—instead of waiting until the fourth quarter to initiate assessments, you can begin the process as early as the second quarter to ensure ample time for review and resolution of any identified issues. By adhering to the CSP and undergoing regular assessments, you can enhance your cyber defenses and contribute to a more secure global financial ecosystem. To learn more about SWIFT and the related assessments, contact us today and ensure your timely compliance and proactive risk management.
By:
Schellman
April 10th, 2024
In the realm of data security and compliance, one term that frequently arises is "scope." It's a pivotal concept, particularly within the context of the Payment Card Industry Data Security Standard (PCI DSS). In this video, Senior Manager Sully Perella discusses what's in scope for PCI DSS compliance and how your organization may have compliance implications even if you don't directly handle cardholder data.
By:
Schellman
March 27th, 2024
In today's rapidly evolving landscape, managing climate-related risks has become an essential aspect of corporate responsibility. As organizations strive to demonstrate their commitment to sustainability, one crucial component emerges: setting credible greenhouse gas emissions reduction targets.
By:
Schellman
March 13th, 2024
When seeking Payment Card Industry (PCI) compliance, the expiration of terminals can introduce complexities and uncertainties for merchants. In this video, Sully Perella, a practice leader at Schellman, sheds light on the significance of expired terminals and offers insights into navigating this compliance challenge.
By:
Schellman
February 28th, 2024
Are you looking to enhance your company's ESG (Environmental, Social, Governance) performance? At Schellman, we offer a range of services tailored to help you navigate and excel in this critical area, and these can be categorized into three main service areas: assessments, assurance, and certification.
By:
Schellman
February 21st, 2024
In the landscape of modern business, the acronym "ESG" has become increasingly prominent. But what exactly does it entail, and why should companies prioritize it? As Tom Andresen Gosselin, the ESG Practice Director at Schellman, elucidates, there are five pivotal benefits to embracing ESG principles.
News | ISO Certifications | ISO 42001
By:
Schellman
February 8th, 2024
In an ever-evolving technological landscape, staying ahead of the curve is crucial. At Schellman, we've built our reputation on being pioneers in cloud security assessments, and today, we're excited to announce our latest venture: diving headfirst into the world of Artificial Intelligence (AI) with ISO 42001 certification services.