Cybersecurity Inspection Body Program
A2LA offers accreditation of cybersecurity organizations to instill confidence in the quality of the independent assessment services to various compliance regimes.
The Cybersecurity Inspection Body Program was created to provide added trust and assurance in the quality of assessments performed by our accredited organizations. A2LA's third party accreditation offers an independent review of an organization's compliance to both ISO/IEC 17020 (Requirements for the operation of various types of bodies performing inspections) as well as competence in technical program requirements for the desired scope of accreditation (I.e. SOC II, HIPAA/HITECH, PCI, etc.).
Organizations accredited under this program will be known as Independent Assessment Organizations (IAOs). Accreditation as an IAO functions as the initial step to become a FedRAMP 3PAO. IAOs must hold a Cybersecurity Inspection Body Program Accreditation for a minimum period of 1 year before being considered for FedRAMP 3PAO status.
Please note that A2LA accreditation to the requirements of a given inspection scheme is not meant to replace an existing approval process through the scheme owner.
This specialty program is covered under the A2LA Inspection Body Accreditation Program.
ISO/IEC 17020 Requirements for the Operation of Various Types of Bodies Performing Inspection
ILAC P15 - Application of ISO/IEC 17020
R335 - Specific Requirements: Cybersecurity Inspection Body Program
MS 110S - ISO/IEC 17025:2017 Marcando la diferencia con la versión 2005
ISO/IEC 17025:2017 – La Nueva Norma para la Competencia del Laboratorio (MS 111S)
ISO/IEC 17025:2017 The New Standard for Laboratory Competence (MS 111)
Basic Statistics for Laboratory Professionals (EMU 100)
Introduction to Measurement Uncertainty (EMU 101)
Applied Measurement Uncertainty for Testing Laboratories (EMU 201)
A2LA Accredits First Organization in the NFPA Field Evaluation Body Accreditation Program
A2LA Recognized to Accredit Special Inspection Agencies in the City of Philadelphia
In some cases there may be contractual obligation…
For all types of inspection bodies, top managemen…
For either independent or in-house inspection bod…
For the purposes of A2LA accreditation, accredite…
In some instances external requirements, standard…
No. ISO/IEC section 8.6.3 requires that the inspe…
Not necessarily - The standard calls for the insp…
Determining the cause of nonconformity is deemed …