Socrata and FedRAMP

What is FedRAMP?

The Federal Risk and Authorization Management Program (FedRAMP) was created by the Office of Management and Budget to assess and authorize federal cloud computing products and services for use within the United States federal government.

Cloud service providers (CSPs) that want to become FedRAMP certified must adhere to a series of security standards and requirements, be assessed by an authorized Third-Party Assessment Organization (3PAO), and provide continuous monitoring reports and updates to FedRAMP. What it takes to become a FedRAMP certified CSP (vendor) and/or an independent 3PAO (auditor) is outlined in detail on the FedRAMP website.

The purpose of FedRAMP is to reduce the time, effort, and money involved in assessing the potential use of CSPs in multiple areas of the government by ensuring specific solutions are “pre-qualified” for use or purchase. While FedRAMP was specifically designed for federal agencies, local governments can also rely on FedRAMP certifications to assess CSPs for use in their own agencies, saving time, effort, and money in their own security assessments.

Is Socrata FedRAMP certified?

Socrata recognizes that being good stewards of our customers’ data means making sure that the information placed in our hands is there when needed, is only visible to those who should have access, and hasn’t been changed. To that end, Socrata has invested heavily in our security and privacy programs so that we meet the strictest availability, confidentiality, and integrity requirements.

Over the last two years, Socrata has created a dedicated security team, reviewed all of our systems and business processes to identify areas where we could improve, and implemented a comprehensive program to make those changes. We continue to look for ways to better our approach to securing your information. We’ve also brought in outside parties to review our security and approach, and have created and deployed a bug bounty program to encourage security researchers to test our systems. All this work has culminated in our application to become one of the earliest software-as-a-service providers to achieve a FedRAMP certification.

Socrata is currently in the process of receiving FedRAMP certification. We have completed our audit and are working with a cabinet-level agency to finalize the process and achieve our Authority To Operate (ATO). To see the latest on our current status, visit the Socrata CSP page on the FedRAMP website.

Thank you for your interest in Socrata and your support of our FedRAMP certification initiative.