Schellman & Company Auditor Profile
Schellman & Company is one of the most respected compliance-focused audit firms in the United States. Based in Tampa, Florida, Schellman specializes in technology compliance assessments including SOC 2, ISO 27001, FedRAMP, HITRUST, PCI DSS, and CMMC. The firm is known for deep technical expertise and efficient audit delivery.
What Schellman Does Well
Technical depth sets Schellman apart from many CPA firms. Their auditors have strong technology backgrounds, enabling them to effectively evaluate complex cloud architectures, DevOps environments, and modern security controls.
Multi-framework credentials under one roof is a key strength. Schellman holds accreditations as a CPA firm, ISO certification body, PCI QSA, FedRAMP 3PAO, and HITRUST assessor, making them a one-stop shop for companies pursuing multiple frameworks.
Government compliance expertise in FedRAMP and CMMC positions Schellman as a go-to firm for technology companies entering the government market. Their experience navigating these complex frameworks is extensive.
Engagement Process
Schellman follows a streamlined engagement process:
- Scoping — Define assessment scope, framework requirements, and timeline
- Kickoff — Assign audit team and establish communication channels
- Evidence review — Collect and evaluate documentation and artifacts
- Testing — Perform control testing and interviews
- Reporting — Deliver draft and final audit reports
Pricing Expectations
Schellman offers competitive pricing for a top-tier compliance firm. SOC 2 Type II audits for SaaS companies start around $20,000. FedRAMP assessments and multi-framework engagements run $50,000 to $100,000 or more.
Who Should Choose Schellman
Schellman is an excellent choice for technology companies seeking a technically proficient audit firm with broad framework coverage. Companies pursuing FedRAMP, HITRUST, or multiple frameworks simultaneously will benefit from their consolidated approach.