What is FedRAMP?
The Federal Risk and Authorization Management Program (FedRAMP) was created by the Office of Management and Budget to assess and authorize federal cloud computing products and services for use within the United States federal government.
Cloud service providers (CSPs) that want to become FedRAMP certified must adhere to a series of information security standards and requirements, be assessed by an authorized Third-Party Assessment Organization (3PAO), and provide continuous monitoring reports and updates to FedRAMP. Details on what it takes to become a FedRAMP certified CSP (vendor) and/or an independent 3PAO (auditor) are outlined in detail on the FedRAMP website.
The purpose of FedRAMP is to reduce the time, effort and cost involved to assess the potential use of CSPs in multiple areas of the government by ensuring specific solutions are “pre-qualified” for use or purchase. While specifically designed for federal agencies, local governments can also rely on FedRAMP certifications to assess CSPs for use in their own agencies.
Socrata is FedRAMP Authorized
Socrata recognizes that being good stewards of our customer’s data means making sure that the information on our platform is there when needed, is only visible to those who should have access, and hasn’t been changed. The Socrata FedRAMP-accredited data platform provides agencies with an enterprise-ready environment to securely collect, manage, analyze and disseminate troves of data, internally and externally, to support the design and delivery of mission-critical programs.
Socrata has invested heavily in security and privacy programs to meet the strictest availability, confidentiality, and integrity requirements. With a dedicated team of security analysts continually monitoring for vulnerabilities and attacks, all customers, including State and Local governments, benefit from these increased security measures. We’ve also brought in outside assessors to review our security controls, environment, and approach, and have created and deployed a bug-bounty program, to encourage security researchers to test our systems. All this work has culminated in our ATO, becoming one of the earliest software-as-a-service providers to achieve a FedRAMP certification.
In May 2017, Socrata achieved FedRAMP-Moderate Authority To Operate (ATO). Socrata’s FedRAMP compliance information is available on the CSP page on the FedRAMP website.