Two Businesswomen Using Laptop In Boardroom Meeting
ComplianceFinanzen Steuern und Buchhaltung26 Oktober, 2022

Reducing administrative overhead with authorized cloud-based tools

The adoption and use of secure cloud solutions are the way of the future for the public sector, and the Federal Risk and Authorization Management Program (FedRAMP) plays a key role. FedRAMP was established in 2011 to encourage and support the adoption of secure modern technology for government agencies. It empowers agencies to use modern cloud technologies, with an emphasis on the security and protection of federal information, and helps accelerate the adoption of secure, cloud solutions (FedRAMP | GSA).

Data security is a critical concern for all organizations and FedRAMP helps agencies by providing a review and continuous monitoring program of cloud service providers to ensure they meet rigorous standards. According to fedramp.gov, “Before FedRAMP, cloud service providers had to meet different security requirements for each federal agency. FedRAMP eliminates duplication by providing a common security framework, making it possible for agencies and cloud service providers to reuse authorizations. A cloud service offering is authorized once and then the security package can be used by any federal agency.”

The cyber world is ever-evolving, and FedRAMP-authorized cloud service providers must maintain system compliance and stay current on new standards and guidelines. FedRAMP leverages the standards and policies created by the National Institute of Standards and Technology (NIST) and oversees a conformity assessment program. Every cloud service provider must go through the process, ensuring security and consistency. FedRAMP also establishes requirements for continuous monitoring.

How does a cloud services provider become FedRAMP authorized?

FedRAMP is mandatory for all U.S. federal executive agency cloud deployments. Four key players must work together to ensure all FedRAMP policies, procedures, and guidelines are met. They include:

  • FedRAMP project management office to oversee the entire process
  • The cloud service provider, such as Wolters Kluwer TeamMate, that is seeking to provide a cloud service offering to U.S. federal agencies
  • Third-party assessment organization to conduct independent assessments of federal cybersecurity requirements
  • Sponsoring agency that works with the cloud service provider to achieve FedRAMP authorization. TeamMate has selected the National Institutes of Health (NIH) as its sponsoring agency to ensure they meet all FedRAMP standards

Drivers for a cloud deployment

Monica Diggs is a Program Analyst at the National Institutes of Health and a long-time TeamMate audit management software user. The disruption during the pandemic emphasized her organization’s need for a cloud-based version of the audit software. While Monica’s team worked remotely, she had limited access to their machines.

TeamMate+ is FedRAMP authorized at the product level and for cloud hosting. Other than the initial deployment, updates happen regularly and automatically. This means NIH no longer needs to manage and coordinate IT resources for solution enhancements, ultimately reducing the burden of administrative overhead.

“We were already using TeamMate, and I wasn’t looking to change the software. But as I planned for the future, I knew we needed to be in the cloud,” said Monica. “TeamMate’s plan to achieve FedRAMP Authorization fit with our needs. In addition to the security confidence that FedRAMP Authorization affords, the use of cloud technology reduces administrative overhead and frees me up to spend time on program-specific tasks.”

Leveraging cloud-based tools means that government audit teams can focus on their mission rather than constantly managing software upgrades, version compliance, etc. 

Having cloud-based audit software gives me peace of mind that our organization is taking steps to be secure and compliant.
Monica Diggs, Program Analyst, National Institutes of Health

Advice for agencies

As you consider leveraging cloud-based audit management software, it’s important to define your objectives. Are you implementing cloud-based applications to modernize your work? Do you want to better comply with federal guidelines? Or are you looking to reduce IT overhead involved with managing locally hosted software? While it’s likely a combination of all the above, it’s critical to determine your needs.

Cloud service providers that make a business decision to work directly with an agency to pursue an Authority to Operate (ATO) will work with the agency throughout the FedRAMP authorization process. This was the path NIH and Wolters Kluwer TeamMate selected because of their longstanding and trusted partnership. When selecting your partner, ensure they provide the tools, capabilities, and support that is right for your organization. Finally, collaboration is the key to success. Establish and agree to goals and timelines, and, most importantly, communicate.

Learn more

You can learn more about our solutions for the U.S. public sector, including our FedRAMP and StateRAMP Authorized cloud-hosting option.

Click below to view a brief demo
For auditors who are challenged to improve audit productivity while delivering strategic insights, TeamMate provides expert solutions, delivered with premium professional services, to auditors around the globe and in every industry.
Back To Top