Information Security

 View Only
  • 1.  FedRAMP

    This message was posted by a user wishing to remain anonymous
    Posted 28 days ago
    This message was posted by a user wishing to remain anonymous

    Hello,

    Is FedRAMP an acceptable alternative to a SOC report?  Our potential vendor does not have a SOC report.

    Thank in advance for your response



  • 2.  RE: FedRAMP

    Posted 10 days ago

    My opinion would be to accept FedRAMP certification as an alternative to a SOC report for performing due diligence on an organization's IT infrastructure. FedRAMP audits are more specific and in depth than SOC reports which can be adjusted by the organization to be more or less detailed. We're always interested in hearing how others address these issues so I encourage others who encounter this to comment how they've handled the situation as well.