Schellman

Professional Services

Tampa, FL 17,142 followers

Helping clients untangle complex compliance objectives. Schellman is the #1 FedRAMP 3PAO in the US Federal Marketplace.

About us

Schellman is a leading provider of attestation and compliance services. We are a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, and a FedRAMP 3PAO. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single project team.

Website: http://www.schellman.com
Industry: Professional Services
Company size: 501-1,000 employees
Headquarters: Tampa, FL
Type: Privately Held
Founded: 2002
Specialties: SOC 1 Examinations, SOC 2 and 3 Examinations, ISO 27001 Certifications, 3PAO Security Assessment (FedRAMP), PCI DSS Validations, HITRUST Certification, Penetration / Vulnerability Assessments, Privacy (GDPR, State Laws, HIPAA), CMMC, Digital Trust, and B Corp Certified

Updates

  • FedRAMP just released the Consolidated Rules, the biggest overhaul of the program since its inception. New certification classes. A new vulnerability framework with deadlines starting December 7, 2026. Machine-readable JSON required program-wide. And a new Class A path for CSPs with an existing SOC 2. Schellman's Matt Hungate, Managing Principal, and Doug Barbin, President and National Managing Partner, are breaking it all down live on Wednesday, July 1.

    FedRAMP’s New Era: What the Consolidated Rules Mean for CSPs


  • FedRAMP is evolving, and cloud service providers now have more than one path to achieving authorization. Whether you pursue FedRAMP 20x, Rev. 5, or a phased approach that incorporates both depends on your organization's goals, timelines, and technical readiness. Each path differs in entry requirements, compliance models, automation, assessment cadence, investment priorities, and DoD compatibility. Our latest infographic breaks down these key differences to help you determine which approach best aligns with your business and compliance goals. Not sure which approach aligns with your goals? Start with our infographic to compare the key differences: https://hubs.ly/Q04mzqJl0

  • We’re excited to welcome Sachin Bansal as Schellman’s new Chief Operating Officer. Sachin understands our industry from nearly every angle. He scaled SecurityScorecard 6X as president, advised top private equity firms on the cybersecurity sector, and knows Schellman firsthand as a two-time client. As our CEO Avani D. put it, he is a listen-and-learn leader and a natural collaborator. He’ll lead global operations, international expansion, strategy, and transformation as we scale for our next phase of growth with our new strategic partner Goldman Sachs Alternatives. Welcome to the team, Sachin! 🎉 Read more: https://lnkd.in/gj5yT_eP

  • FedRAMP's biggest overhaul since the program launched isn't just changing compliance requirements. It's creating new opportunities for cloud service providers to rethink how they enter and compete in the federal market. The new Consolidated Rules introduce pathways that could streamline authorization for some organizations, reshape certification strategies, and reward those who move early. But they also bring near-term deadlines that require immediate attention. Tomorrow, our Managing Principal, Matt Hungate, and our President and National Managing Principal, Doug Barbin, are breaking it all down live. Register here: https://hubs.ly/Q04mYZxD0

  • The biggest FedRAMP transformation in more than a decade is here, bringing big changes for cloud service providers looking to enter or expand in the federal marketplace. With new certification pathways, modernized compliance requirements, and key deadlines approaching, organizations will need a clear understanding of what these changes mean and how to prepare. Our latest blog breaks down the 10 updates every cloud service provider needs to understand and what they mean for your certification strategy. As the nation's No. 1 FedRAMP Independent Assessor and the only assessor to have completed more than 200 FedRAMP assessed cloud service offerings, Schellman has the experience to help organizations confidently navigate this next chapter of FedRAMP. Read more: https://lnkd.in/gmTQK7rB

  • Expanding into the Australian government market? Understanding IRAP is a key place to start. Administered by the Australian Signals Directorate, the Information Security Registered Assessors Program (IRAP) helps government agencies assess whether ICT providers have the cybersecurity controls needed to protect sensitive information. Our recent blog breaks down the fundamentals of IRAP, including the Australian Government Information Security Manual (ISM), Australia's security classification levels, what the assessment process looks like, and how organizations can prepare before engaging an assessor. Whether you're exploring opportunities in Australia or preparing for an upcoming assessment, this guide can help you better understand the requirements and what comes next. Read the full blog here: https://hubs.ly/Q04dXn7w0

  • New Relic's commitment to achieving FedRAMP High and DoD Impact Level 4 (IL4) authorizations marks an important step in its continued support of government and defense organizations operating in highly regulated environments. Building on its existing FedRAMP Moderate authorization, this initiative reflects New Relic's ongoing investment in helping public sector customers modernize with confidence while meeting evolving security and compliance requirements. We're proud to continue supporting New Relic as its 3PAO on this journey. Read more about the announcement: https://lnkd.in/gXjm8T3s

  • Achieving CMMC Level 2 certification or FedRAMP authorization is more than just checking a compliance box. It takes a clear understanding of your security posture, potential risks, and the areas assessors will examine most closely. Next month, join Schellman's Timothy Walsh and Jonathan Coffelt, alongside Chainguard’s John Osborne, on July 22 at 1:00 PM ET for a discussion on software supply chain security, container security, common compliance pitfalls, and practical strategies for navigating both CMMC and FedRAMP requirements. Gain insights from industry and assessment professionals on what effective readiness looks like, where organizations commonly encounter challenges, and how to strengthen your approach before an assessment begins. Register here: https://lnkd.in/eX5VRvYX

  • Tomorrow at Rocky Mountain Information Security Conference (RMISC) 2026, Schellman's Danny Manimbo and Ben Montalbano are taking the stage to explore a growing challenge facing organizations as AI adoption accelerates: how to balance innovation, governance, and sustainability. During their session, Responsible AI in a Warming World: Integrating Sustainability and Compliance into Artificial Intelligence Governance, Danny and Ben will share insights on incorporating environmental considerations into AI governance programs while navigating evolving compliance and risk management expectations. If you're attending RMISC, be sure to join the conversation tomorrow from 10:45-11:45 AM. Learn more about the conference here: https://lnkd.in/gxEanpij

