The Federal Risk and Authorization Management Program, or FedRAMP, is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. There are three main players in the FedRAMP process: Agencies, Cloud Service Providers (CSPs), and Third Party Assessment Organizations (3PAOs).
Radian supports the FedRAMP program in two ways:
- We help companies achieve 3PAO status through our standard methodology of assessment, implementation, and internal audit. We also support the specific context of implementation requirements. An organization with extensive Information Validation and Verification (IV&V) may seek to add a business line for 3PAO services. The path to becoming a 3PAO includes implementation of ISO 17020:2012. Radian has assisted many of the current 3PAOs to achieve and maintain this status. We stay current on requirements from the assessment organization (A2LA) and the FedRAMP program so that 3PAO status is achieved without rework or misunderstanding of key requirements.
- Secondly, a company wishing to achieve CSP status must make complex decisions early on to determine the best route for certification, and must fully understand the elaborate requirements of the FedRAMP program. Radian supports an organization’s implementation and alignment in preparation for a 3PAO audit. We understand “both sides of the requirements” and are instrumental in ensuring that a CSP spends its time and money on meeting the requirements. Decisions are made early in the readiness phase to ensure a productive and effective program is created.