On my first day at IdeaScale, I had not been at my desk for more than five minutes before the CEO made his way over to me and said, “Your first job at IdeaScale is to get us FedRAMP authorized.”
Without a pause, I answered, “Yes, right away,” and with my boss standing over my shoulder, I opened my to-do list and typed “G-E-T-_-F-E-D-R-A-M-P-E-D.” Once he made his way back to his desk, I googled “W-H-A-T_I-S_F-E-D-R-A-M-P-?.”
For those in the dark, as I was, FedRAMP is an acronym for the “Federal Risk and Authorization Management Program,”which is “a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.” (See https://www.fedramp.gov/about-us/about/.) This program helps government entities buy cloud services with confidence in the security levels of the services and their underlying software.
I’m happy to report that IdeaScale is now FedRAMP Ready with a completed and successful third-party assessment. This means our security controls, policies, and procedures have withstood a grueling multi-month audit and gained a recommendation for FedRAMP authorization in our auditor’s security assessment report. IdeaScale now has an agency reviewing its FedRAMP offering and is on path to receive its first Agency Authorization early this fall.
I quickly learned that this was not a one-person job or something that would happen overnight. The heads of all IdeaScale departments hopped on board and provided support and resources. The sys admin department fortified system borders and provided personnel dedicated to the implementation of security controls and the performance of system scans. The compliance team added an information system security officer to the mix to perform continuous system security reviews and worked with outside professionals to architect the FedRAMP solution. The developers overhauled their system development life cycle process to make the application even more secure. Most importantly, security became the number one priority for all IdeaScale personnel and the number one feature of our SaaS offerings.
As a result of these investments, IdeaScale is ready to provide an innovation management solution to meet the FedRAMP needs of any federal agency. Also, since IdeaScale applies many of the policies and procedures of its FedRAMP offering to each of its enterprise offerings, the time and resources applied to this project have enhanced the confidentiality, integrity, and availability of all IdeaScale services. Whether you work for the government or for enterprise, IdeaScale has a solution to meet your department’s security needs.
This blog post is part of a series authored by IdeaScale employees. It showcases how they’re thinking about crowdsourcing and innovation as part of their daily routine. Feel free to ask questions or make comments.
This post is by Joby Emmons, General Counsel at IdeaScale