Press Release (ePRNews.com) - Scottsdale, AZ - Nov 27, 2017 - Lazarus Alliance, a leading cyber security governance, risk, and compliance (GRC) firm, has been recertified by the American Association for Laboratory Accreditation (A2LA) as a FedRAMP third-party assessment organization (3PAO), the company announced today.
A 3PAO is an organization that has been certified to help cloud service providers and government agencies meet FedRAMP compliance regulations. FedRAMP works with the A2LA to accredit 3PAOs. The A2LA assessment process evaluates the 3PAO’s technical competence and assesses their compliance with the general requirements of ISO/IEC 17020:2012 and FedRAMP specific requirements.
“Lazarus Alliance underwent a rigorous assessment process in order to be recertified as a 3PAO,” said Michael Peters, CEO of Lazarus Alliance. “We are excited about our recertification and stand ready to help public, private, community, and hybrid cloud service providers navigate the FedRAMP compliance process.”
We are excited about our recertification and stand ready to help public, private, community, and hybrid cloud service providers navigate the FedRAMP compliance process.
The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. All cloud service providers that work with the U.S. government must comply with FedRAMP, and the FedRAMP certification process must be performed by a certified 3PAO such as Lazarus Alliance.
“The FedRAMP certification process is traditionally very long and very expensive, which has put it out of reach for most businesses,” Peters notes. “We at Lazarus Alliance pride ourselves on our proven FedRAMP 3PAO assessment approach and technology, which dramatically cut time and costs.”
This, Peters goes on to explain, is due to Lazarus Alliance’s use of the Continuum GRC IT Audit Machine (ITAM) software. The cloud-based ITAM integrates IT governance, policy management, risk management, compliance management, audit management, and incident management. Its user-friendly self-help modules encompass the full spectrum of regulatory and industry data security requirements, including FedRAMP-ready assessment and compliance management modules.
“We average a 46% reduction in the traditional assessment time due to the dedicated ITAM SaaS portal,” Peters states. “And while results vary, companies may be able to reduce their total FedRAMP certification expenses by 1000% just by using ITAM.”
While FedRAMP certification is not required of cloud providers who do not sell services to the federal government, Peters advises all cloud services to consider it.
“As more cloud breaches make headlines, businesses are getting spooked and questioning the security of the cloud,” Peters said. “Even private-sector companies realize how difficult it is to achieve FedRAMP certification. It reassures potential customers that your company adheres to the highest levels of data security.”