Schellman

Schellman is a SOC 2 audit firm based in Tampa, FL serving mid-market and enterprise companies. They offers audit readiness assessments. Industry focus areas include SaaS, Technology, Financial Services, and others.

Schellman is a leading compliance assessment firm focused exclusively on attestation and cybersecurity services, including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI DSS.

Who Schellman May Be a Fit For

Based on the firm's listed attributes, Schellman may be a good match for the following types of buyers. Always confirm fit directly with the firm before engaging.

• Companies in SaaS, Technology, Financial Services, Healthcare, Government looking for an auditor with sector-specific experience.
• Organizations at the Mid-Market, Enterprise stage that need an auditor sized appropriately for their environment.
• Companies pursuing either a first-time Type I or a renewal Type II audit.

What to Evaluate Before Engaging This Firm

Before signing an engagement letter with any SOC 2 auditor, take time to verify the following. These factors apply broadly but are worth confirming for each firm on your shortlist.

Read more: How to choose a SOC 2 auditor · SOC 2 audit cost guide

Questions to Ask Schellman

Use these practical questions during an introductory call to evaluate fit, scope, and working style.

• How many SOC 2 audits does your team complete per year?
• What is your experience auditing companies in SaaS?
• Is pricing fixed-fee or time-and-materials?
• What is the expected timeline from kickoff to report delivery?
• Do you offer readiness assessments or gap analyses?
• Who will be my day-to-day point of contact?
• Can you share a sample engagement letter or report?

See all recommended questions: Questions to ask your SOC 2 auditor →

About Schellman and SOC 2 Audits

Does Schellman offer SOC 2 Type I and Type II audits?

Schellman offers SOC 2 Type I and SOC 2 Type II audit services. They can handle first-time engagements (Type I) and recurring audits that cover operating effectiveness over a review period (Type II).

What industries does Schellman have SOC 2 audit experience in?

Schellman serves clients in SaaS, Technology, Financial Services, Healthcare, Government. Sector-specific experience helps an auditor identify the controls that matter for your industry, anticipate regulatory overlaps, and avoid unnecessary back-and-forth during scoping.

What size companies does Schellman work with?

Schellman focuses on mid-market, enterprise organizations. An auditor matched to your company stage is more likely to scope the engagement correctly and offer pricing that fits your budget.

Does Schellman offer SOC 2 readiness assessments?

Schellman offers audit readiness support. A readiness assessment flags control gaps before the formal audit, so you can fix issues on your own timeline rather than scrambling during fieldwork.

What is Schellman's pricing model for SOC 2 audits?

Schellman uses a fixed pricing model. Contact the firm directly for a quote tailored to your audit scope and company size.

How long does a SOC 2 audit take with Schellman?

Schellman's typical timeline is 6–10 weeks. Actual duration depends on audit type, company readiness, and the observation period for Type II engagements. Before signing, ask for a written timeline with milestones for readiness, observation, fieldwork, and report delivery.

Where is Schellman located?

Schellman is headquartered in Tampa, FL. SOC 2 audits are typically conducted remotely, so location is less important than industry experience and platform familiarity. That said, overlapping time zones can make scheduling easier.

Similar SOC 2 Audit Firms

Browse by Category

• SaaS SOC 2 auditors
• Technology SOC 2 auditors
• Financial Services SOC 2 auditors
• Healthcare SOC 2 auditors
• Government SOC 2 auditors
• Mid-Market SOC 2 auditors
• Enterprise SOC 2 auditors