Enhancing customer security through FedRAMP authorization

Cloud-based solutions are becoming more and more popular due to their ability to enhance collaboration across teams, simplify reporting processes with centralized data, and empower program improvement and innovation. But these solutions also come with their fair share of risks, which are especially threatening to public sector agencies handling sensitive information. According to Forbes, “cyberattacks at the cloud provider site, the cloud provider’s adherence to security protocols, and unreported security breaches” are among the top concerns preventing public sector IT departments from adopting cloud-based technology. While these risks are real concerns for public sector agencies, not moving into modern cloud-based technology is leading to service delivery challenges. In fact, one quarter of organizations surveyed by Forbes and Amazon Web Services (AWS) said their outdated systems hold them back. While there are risks associated with cloud-based solutions, with the right security and compliance protocols, your organization can safely modernize its infrastructure. In this blog, learn about the steps Bonterra is taking to support public sector agencies shifting to cloud-based solutions.  

Bonterra’s approach to cloud security 

We have long understood the significant benefits that modern technology can bring, That’s why security and compliance best practices are built into Bonterra at every level, from our products and technical architecture to our everyday business operations. 

• 3PAO Partnerships: Through our partnership with InfusionPoints and A-LIGN, our accredited Third Party Assessment Organizations (3PAO), we ensure the highest level of security, compliance, and reliability for public sector agencies as they navigate the complex landscape of federal regulations. InfusionPoints’ XccelerATOr, with Managed Cloud Services and VNSOC360° monitoring service, provides continuous real-time analysis and response to security events, ensuring our customers’ information is always kept safe. 
• AWS GovCloud (US): We recently launched our impact management solution in AWS GovCloud, “the leading regulated industry cloud solution that technology leaders have trusted to manage sensitive data and controlled unclassified information (CUI)” allowing customers to securely scale their operations to meet their unique needs.  
• Zero trust architecture: We have implemented a zero trust architecture, meaning we continuously verify network activities to reduce the risk of threats, securing network access from any device on the network without human intervention.  
• Security and compliance core capabilities: In addition to the safeguards outlined above, our impact management solution is SOC 2 Type II, HIPAA, and ISO 27001 compliant. 

We are always seeking new and improved ways to enhance our security and compliance credentials to better support our customers and ensure their information is secure. To continue this commitment, this year we began the process to become Federal Risk and Authorization Management Program (FedRAMP) authorized.  

What is FedRAMP? 

FedRAMP is, “a government-wide program that promotes the adoption of secure cloud services across the federal government by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies.” One of their main goals is to increase the use of cloud technology among government agencies by enhancing the framework used to secure and authorize these resources. FedRAMP authorization is a detailed process consisting of 27 applicable laws and regulations and 26 standards and guidance documents and it must be completed by any cloud service hosting federal information. Gaining FedRAMP authorization represents Bonterra’s ongoing commitment to meeting the highest security standards.  

What has Bonterra’s FedRAMP journey looked like? 

In order to achieve FedRAMP authorization, Bonterra has focused on dedicating resources to meeting FedRAMP standards, conducting tests, and implementing a process of continuous improvement to meet those standards. This process prepared us for deployment on AWS GovCloud, and for our completion of A-LIGN's readiness assessment. We’re excited to say that Bonterra Impact Management is scheduled to be FedRAMP Authorized to Operate (ATO) by the end of 2024. 

What does this mean for Bonterra Impact Management customers? 

Becoming FedRAMP authorized means that Bonterra will be the only purpose-built social good software solution on the FedRAMP marketplace, providing the highest level of security and compliance to our customers. By electing to move into this world class security standard, Bonterra leadership has demonstrated a commitment to offer its partners high levels of information security assurance given the current threat landscape and the emerging risks involved with new technologies. FedRAMP provides a robust framework for securing cloud solutions, ensuring Federal and State, Local, Education (SLED) agencies can utilize cloud-based software while meeting security and compliance requirements. With its standardized approach to security assessment, authorization, and continuous monitoring, and adherence to federal security requirements, you can be sure your data is safe and secure in our solution.