Building an AI governance program when the rules keep changing is harder than it sounds. On July 15 at 2:30 PM EST, Danny Manimbo, Tristan Ingold of Meta, and Daniel Pietragallo of Buchalter will tackle exactly that.
Schellman
Professional Services
Tampa, FL 17,142 followers
Helping clients untangle complex compliance objectives. Schellman is the #1 FedRAMP 3PAO in the US Federal Marketplace.
About us
Schellman is a leading provider of attestation and compliance services. We are a globally licensed PCI Qualified Security Assessor, an ISO Certification Body, HITRUST CSF Assessor, and a FedRAMP 3PAO. Renowned for expertise tempered by practical experience, Schellman's professionals provide superior client service balanced by steadfast independence. Our approach builds successful, long-term relationships and allows our clients to achieve multiple compliance objectives through a single project team.
- Website: http://www.schellman.com
- Industry: Professional Services
- Company size: 501-1,000 employees
- Headquarters: Tampa, FL
- Type: Privately Held
- Founded: 2002
- Specialties: SOC 1 Examinations, SOC 2 and 3 Examinations, ISO 27001 Certifications, 3PAO Security Assessment (FedRAMP), PCI DSS Validations, HITRUST Certification, Penetration / Vulnerability Assessments, Privacy (GDPR, State Laws, HIPAA), CMMC, Digital Trust, and B Corp Certified
Locations
- Primary: 4010 W Boy Scout Blvd., Suite 600, Tampa, FL 33607, US
- 4510 Kenny Rd, Columbus, Ohio 43220, US
Updates
-
FedRAMP just released the Consolidated Rules, the biggest overhaul of the program since its inception. New certification classes. A new vulnerability framework with deadlines starting December 7, 2026. Machine-readable JSON required program-wide. And a new Class A path for CSPs with an existing SOC 2. Schellman's Matt Hungate, Managing Principal, and Doug Barbin, President and National Managing Partner, are breaking it all down live on Wednesday, July 1.
FedRAMP’s New Era: What the Consolidated Rules Mean for CSPs
-
FedRAMP is evolving, and cloud service providers now have more than one path to achieving authorization. Whether you pursue FedRAMP 20x, Rev. 5, or a phased approach that incorporates both depends on your organization's goals, timelines, and technical readiness. Each path differs in entry requirements, compliance models, automation, assessment cadence, investment priorities, and DoD compatibility. Our latest infographic breaks down these key differences to help you determine which approach best aligns with your business and compliance goals. Not sure which approach aligns with your goals? Start with our infographic to compare the key differences: https://hubs.ly/Q04mzqJl0
-
We’re excited to welcome Sachin Bansal as Schellman’s new Chief Operating Officer. Sachin understands our industry from nearly every angle. He scaled SecurityScorecard 6X as president, advised top private equity firms on the cybersecurity sector, and knows Schellman firsthand as a two-time client. As our CEO Avani D. put it, he is a listen-and-learn leader and a natural collaborator. He’ll lead global operations, international expansion, strategy, and transformation as we scale for our next phase of growth with our new strategic partner Goldman Sachs Alternatives. Welcome to the team, Sachin! 🎉 Read more: https://lnkd.in/gj5yT_eP
-
FedRAMP's biggest overhaul since the program launched isn't just changing compliance requirements. It's creating new opportunities for cloud service providers to rethink how they enter and compete in the federal market. The new Consolidated Rules introduce pathways that could streamline authorization for some organizations, reshape certification strategies, and reward those who move early. But they also bring near-term deadlines that require immediate attention. Tomorrow, our Managing Principal, Matt Hungate, and our President and National Managing Principal, Doug Barbin, are breaking it all down live. Register here: https://hubs.ly/Q04mYZxD0
-
The biggest FedRAMP transformation in more than a decade is here, bringing big changes for cloud service providers looking to enter or expand in the federal marketplace. With new certification pathways, modernized compliance requirements, and key deadlines approaching, organizations will need a clear understanding of what these changes mean and how to prepare. Our latest blog breaks down the 10 updates every cloud service provider needs to understand and what they mean for your certification strategy. As the nation's No. 1 FedRAMP Independent Assessor and the only assessor to have completed more than 200 FedRAMP assessed cloud service offerings, Schellman has the experience to help organizations confidently navigate this next chapter of FedRAMP. Read more: https://lnkd.in/gmTQK7rB
-
Expanding into the Australian government market? Understanding IRAP is a key place to start. Administered by the Australian Signals Directorate, the Information Security Registered Assessors Program (IRAP) helps government agencies assess whether ICT providers have the cybersecurity controls needed to protect sensitive information. Our recent blog breaks down the fundamentals of IRAP, including the Australian Government Information Security Manual (ISM), Australia's security classification levels, what the assessment process looks like, and how organizations can prepare before engaging an assessor. Whether you're exploring opportunities in Australia or preparing for an upcoming assessment, this guide can help you better understand the requirements and what comes next. Read the full blog here: https://hubs.ly/Q04dXn7w0
-
New Relic's commitment to achieving FedRAMP High and DoD Impact Level 4 (IL4) authorizations marks an important step in its continued support of government and defense organizations operating in highly regulated environments. Building on its existing FedRAMP Moderate authorization, this initiative reflects New Relic's ongoing investment in helping public sector customers modernize with confidence while meeting evolving security and compliance requirements. We're proud to continue supporting New Relic as its 3PAO on this journey. Read more about the announcement: https://lnkd.in/gXjm8T3s
-
Achieving CMMC Level 2 certification or FedRAMP authorization is more than just checking a compliance box. It takes a clear understanding of your security posture, potential risks, and the areas assessors will examine most closely. Next month, join Schellman's Timothy Walsh and Jonathan Coffelt, alongside Chainguard’s John Osborne, on July 22 at 1:00 PM ET for a discussion on software supply chain security, container security, common compliance pitfalls, and practical strategies for navigating both CMMC and FedRAMP requirements. Gain insights from industry and assessment professionals on what effective readiness looks like, where organizations commonly encounter challenges, and how to strengthen your approach before an assessment begins. Register here: https://lnkd.in/eX5VRvYX
-
Tomorrow at Rocky Mountain Information Security Conference (RMISC) 2026, Schellman's Danny Manimbo and Ben Montalbano are taking the stage to explore a growing challenge facing organizations as AI adoption accelerates: how to balance innovation, governance, and sustainability. During their session, Responsible AI in a Warming World: Integrating Sustainability and Compliance into Artificial Intelligence Governance, Danny and Ben will share insights on incorporating environmental considerations into AI governance programs while navigating evolving compliance and risk management expectations. If you're attending RMISC, be sure to join the conversation tomorrow from 10:45-11:45 AM. Learn more about the conference here: https://lnkd.in/gxEanpij