EnergyCAP, a developer of cloud-based utility bill and energy management software, has partnered with cyber security and GRC firm Lazarus Alliance for a FedRAMP certification audit.
SCOTTSDALE, Ariz., November 27, 2017 (Newswire.com) - Lazarus Alliance, a leading cyber security, governance, risk, and compliance (GRC) firm, today announces its partnership with EnergyCAP, America’s number-one utility bill and energy management software company. Lazarus Alliance will perform a FedRAMP 3PAO audit for EnergyCAP.
The Federal Risk and Authorization Management Program (FedRAMP) was designed to support the federal government’s “cloud-first” initiative by offering a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Cloud service providers (CSPs), including SaaS providers such as EnergyCAP, must obtain FedRAMP certification to sell services to U.S. federal government agencies. The FedRAMP audit and assessment process must be performed by an accredited third-party assessment organization (3PAO) such as Lazarus Alliance.
“The U.S. government is the largest purchaser of goods and services in the world, and federal agencies are rapidly migrating to the cloud,” said Michael Peters, CEO of Lazarus Alliance. “FedRAMP certification will allow EnergyCAP to reach these customers, and federal agencies will be able to manage their energy use through a cloud-based solution that has been proven to adhere to a comprehensive and uniform set of security controls.”
FedRAMP certification is a long, arduous, and expensive process that begins with the preparation of a System Security Plan (SSP), the main document in which the CSP describes all information security controls currently in use and their implementation.
Because the certification process is so long and expensive, many CSPs fear they cannot afford to pursue FedRAMP compliance. To save CSPs money and time, Lazarus Alliance uses Continuum GRC’s IT Audit Machine (ITAM), a cloud-based GRC solution that integrates IT governance, policy management, risk management, compliance management, audit management, and incident management. Its user-friendly self-help modules encompass the full spectrum of regulatory and industry data security requirements, including FedRAMP-ready assessment and compliance management modules.
“CSPs must prepare their own SSP. A 3PAO cannot do this for a CSP and also assess the CSP as their 3PAO. This would be an extreme conflict of interest,” Peters explains. “A major advantage to working with Lazarus Alliance as a 3PAO is that we provide to our clients, at no cost, the ITAM FedRAMP SSP module from Continuum GRC. This makes everything easy and sustainable. By leveraging the power of ITAM and the CSP’s SSP, we are able to significantly reduce the time and expense of FedRAMP certification and put it within reach of most cloud services providers.”
Source: Lazarus Alliance