Schellman becomes The First ISO 42001 ANAB Accredited Certification Body!

Contact Us
Services
Services
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
Sustainability Services
Sustainability Services
AI Services
AI Services
About Us
About Us
Leadership Team
Leadership Team
Corporate Social Responsibility
Corporate Social Responsibility
Careers
Careers
Strategic Partnerships
Strategic Partnerships

Blog

Video

Stay up to date and discover new insights into compliance through our team’s thought leadership.

Blog Feature

FedRAMP | Federal Assessments

By: Marci Womack
August 9th, 2023

One of the questions that we get the most often when we're talking about Federal assessments is how long does it take to get through the assessment process and what happens afterward to actually get to FedRAMP authorization?

Blog Feature

FedRAMP | Federal Assessments

By: Douglas Barbin
October 5th, 2022

You're a cloud service provider and you want to do work for the federal government. In order to do that though, you need to be FedRAMP authorized and you've been told by the government agency that you're trying to sell to that, you need to be FedRAMP authorized. In this short video, we're going to walk you through what the process is, what the journey is to get to the point where you have that authorization, you've been approved, and you can go and sell work to your federal agency customers.

Blog Feature

FedRAMP | Federal Assessments

By: Douglas Barbin
August 4th, 2022

So you want to provide cloud services to the federal government? There's a process that you need to go through in order to get there, and that requires an authorization and an assessment, but it also requires an agency sponsor. Let's talk about what that actually means. I'm Doug Barbin, managing principal, and chief growth officer at Schellman. We've also had the privilege at Schellman of being one of the first third-party assessment organizations, or 3PAO, since the FedRAMP program's inception 10 years ago. What does this agency sponsorship mean? Fedramp is one of the unique types of third-party assessments that require interactions by the second party. In most cases, if you look at a SOC 2 report or an ISO 27001 certification, you can come to a body or a provider like Schellman, we can perform an assessment, we can issue you a report that you can share with your customers. In the case of FedRAMP, that's not enough. To get into the FedRAMP process, you have to have a sponsor, you have to have a means of entry into the federal government. Typically what that means is you have a government agency - could be a division of the Department of Defense as well, but you have a group within the government that is going to sponsor your entryway into FedRAMP. They want to do business with you, and so they're willing to be your sponsor in that FedRAMP process. Now, that is a requirement, unfortunately, and that can be a barrier for some companies that are looking to get into the market but don't have an existing relationship or an initial relationship that can be that sponsor. So what do you do to address that? There are a few avenues such as going through a FedRAMP ready assessment. There are other outreach programs. You can reach out to the FedRAMP PMO who can give you guidance on how to get there. But it is important to know: going into FedRAMP, it's not enough just to hire an assessment firm. As a matter of fact, you can't hire us to do the assessment unless you have someone, an agency or the joint authorization board that's willing to sponsor you through the process. Getting an agency sponsor is a critical first step in your FedRAMP path. Contact us today so that we can walk you through what the broader picture is from a journey on FedRAMP, from getting that agency sponsor to going through the assessment and ultimately getting your authorization.

{