Hello,
Is FedRAMP an acceptable alternative to a SOC report? Our potential vendor does not have a SOC report.
Thank in advance for your response
My opinion would be to accept FedRAMP certification as an alternative to a SOC report for performing due diligence on an organization's IT infrastructure. FedRAMP audits are more specific and in depth than SOC reports which can be adjusted by the organization to be more or less detailed. We're always interested in hearing how others address these issues so I encourage others who encounter this to comment how they've handled the situation as well.