GPS Insight Partners With Lazarus Alliance for FedRAMP and AT-101 SOC 2 Data Security Audits

Lazarus Alliance, a leading cyber security, governance, risk, and compliance (GRC) firm, is pleased to announce its partnership with GPS Insight, which provides cloud-based GPS tracking solutions to construction companies, utility providers, and other private and public-sector organizations. Lazarus Alliance will be providing FedRAMP 3PAO and AT-101 SOC 2 audit services.

The Federal Risk and Authorization Program (FedRAMP) is a risk management program that was developed to support cloud computing use by government agencies. It provides cloud service providers (CSPs) with a single set of data security standards to assess and monitor their products and services. A CSP that is FedRAMP compliant can offer its products and services to any federal government agency, without each agency having to conduct its own independent security audit. As an accredited Third Party Assessment Organization (3PAO), Lazarus Alliance is certified to help cloud service providers and government agencies comply with FedRAMP.

Once a CSP is FedRAMP-compliant, they can conduct business with any federal government agency, which opens up a huge market for them. In addition, private-sector customers feel very secure when they see that a CSP is FedRAMP compliant because they know how rigorous the requirements are.

Michael Peters,
CEO, Lazarus Alliance

“FedRAMP compliance is a long, tedious process; many of our clients find it is unlike any other compliance audit they have ever undergone,” explained Michael Peters, CEO of Lazarus Alliance. “However, once a CSP is FedRAMP-compliant, they can conduct business with any federal government agency, which opens up a huge market for them. In addition, private-sector customers feel very secure when they see that a CSP is FedRAMP compliant because they know how rigorous the requirements are.”

Before Lazarus Alliance can begin its 3PAO assessment, GPS Insight must prepare a System Security Plan (SSP), a 400-page template that requires the CSP to provide information on its system inventory, boundaries, and controls and map them to the National Institute of Standards and Technology’s Special Publication 800-53 (NIST 800-53). This step alone could take several months, but the IT Audit Machine (ITAM), an automated governance, risk, and compliance solution, speeds up the process.

“A 3PAO cannot develop an SSP for a CSP and also assess the CSP as their 3PAO, as this would be a conflict of interest,” Peters explains. “A major advantage to working with Lazarus Alliance as a 3PAO is that we provide to our clients, at no cost, the ITAM FedRAMP SSP module from Continuum GRC. This makes everything easy and sustainable, significantly reduces the time it takes to put together the SSP, and saves money.”

GPS Insight is also undergoing an AT-101 SOC 2 audit. The SOC 2, which is part of the AICPA SOC reporting framework, is used by technology service organizations to attest to their adherence to proper data security control procedures and practices. An SOC 2 audit affirms that the design and operating effectiveness of the service organization’s internal controls meet the requirements for the security principles set forth by AICPA’s Trust Services Principles.

“Even on their own, the FedRAMP and SOC 2 audits are impressive security certifications,” Peters notes. “By undergoing both audits, GPS Insight is differentiating itself within the cloud services industry and conveying that customers in even the most highly regulated industries can feel confident about the security of their asset tracking solutions.”

Source: Lazarus Alliance