In June of 2018, A2LA initiated a new system for third-party assessment organizations (3PAOs) seeking to become FedRAMP accredited. Under this system, any organization seeking to become an accredited 3PAO must first become accredited to A2LA’s Cybersecurity Inspection Body Program. Organizations accredited to this program will spend approximately one year demonstrating their adherence to the requirements of the cybersecurity program before opting to transition to the FedRAMP program. This two-step process serves to first establish a level of more generalized technical competence in the cybersecurity field before organizations are considered for the more specialized FedRAMP program. We are pleased to announce that San Francisco-based information security company Securisea is the first company to achieve FedRAMP accreditation through this newly implemented A2LA process.
Securisea is an information security company that provides a diverse array of consulting and training services. They gained their initial accreditation under the cybersecurity program in July of 2019, and thanks to promptness and diligence on their part, they achieved FedRAMP 3PAO accreditation just under a year later. Securisea made the decision to pursue accreditation to A2LA’s cybersecurity program shortly after it was launched in 2018, and many other organizations have now also achieved accreditation. Several companies not seeking to become 3PAOs are also now accredited through the cybersecurity program, as it provides confirmation from an independent third party that the organization is competent and compliant, which serves as a valuable competitive advantage in their field.
For organizations like Securisea that are pursuing FedRAMP 3PAO accreditation, the newer two-phase approach streamlines and clarifies their overall process, in addition to supporting the stringent FedRAMP requirements. Accreditation to A2LA’s Cybersecurity Inspection Body Program establishes an organization’s competence in the cybersecurity field based on the requirements of ISO/IEC 17020, the international standard for inspection bodies, as well as the relevant program-specific requirements. Maintaining this accreditation involves continuous monitoring that supports an organization’s readiness to move forward with the more stringent FedRAMP accreditation requirements.