BrightLine is Now a FedRAMP Third Party Assessment Organization (3PAO)

BrightLine CPAs & Associates, Inc. is pleased to announce that it is one of the initial companies chosen as a Third Party Assessment Organization (3PAO) accredited to perform authorization assessments for the Federal Risk and Authorization Management Program (“FedRAMP”). Out of thousands of CPA firms, BrightLine is the first and only CPA firm selected as a 3PAO. In fact, with this certification, BrightLine is the only company in the world that is a licensed CPA firm, a Payment Card Industry Qualified Security Assessor (PCI QSA) company, an ISO 27001 certification body and a FedRAMP 3PAO.

FedRAMP is a new government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a “do once, use many times” framework that saves cost, time, and staff required to conduct redundant agency security assessments. As a part of the FedRAMP process, cloud service providers (CSPs) must hire a 3PAO to perform an initial system assessment and ongoing monitoring of controls to independently validate and verify that they meet the FedRAMP requirements.

“Our company already provides service organization controls (SOC) examination, PCI validation and ISO 27001 certification services to many CSPs that are affected by FedRAMP,” stated Doug Barbin, Principal and FedRAMP Practice Leader of BrightLine. “Becoming a 3PAO was a critical component of extending BrightLine’s reputation for being the only company in the marketplace that allows service providers to obtain all of these related assessment services through a single vendor.”

With the 3PAO accreditation, BrightLine can provide to CSPs the internal security controls validation which is mandatory to be a cloud service provider to federal agencies. The validation also helps demonstrate the independence and proficiency to create a trusted relationship between agencies and the CSPs that host critical data.

Since the demands for FedRAMP services are significant, many CSPs have already commenced with the pre-assessment process. Due to the complexity of the program and the comprehensive nature of the underlying National Institute of Standards and Technology (NIST) standards, CSPs are strongly encouraged to begin the FedRAMP validation process immediately.

Inquiries for FedRAMP services can be made with BrightLine at 1-866-254-0000 or by submitting a request for a professional consultation at https://www.brightline.com/ #contactus/consultation. Further information BrightLine’s FedRAMP service offerings can found at www.brightline.com/FedRAMP.

ABOUT BRIGHTLINE

BrightLine CPAs & Associates, Inc. is a global provider of assurance and compliance services. As the only company in the world fully accredited to provide a suite of services that includes SSAE 16 (SOC 1) examinations, SOC 2 examinations, SOC 3 examinations, PCI DSS compliance validation, ISO 27001 certification, and now FedRAMP authorization, BrightLine offers clients the unique opportunity to achieve multiple compliance objectives through a single third party assessor. For further information, please visit www.brightline.com.