FedRAMP Third Party Assessment Organizations (3PAO)
A2LA offers accreditation of Third-Party Assessment Organizations (3PAOs) as part of the Federal Risk and Authorization Management Program (FedRAMP).
FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud-based services. Under the Security Assessment Framework, 3PAOs are required to be accredited by A2LA in order to be recognized by the FedRAMP Project Management Office (PMO). The A2LA assessment process involves a rigorous evaluation of the technical competence of the 3PAOs and their compliance with international standards.
Starting in June 2018, any new organization that wishes to become an accredited 3PAO must spend at least a year in the Cybersecurity Inspection Body Program in order to demonstrate a level of technical competence prior to consideration for FedRAMP 3PAO recognition. The additional requirements for FedRAMP 3PAO recognition are available upon request.
The list of FedRAMP-approved 3PAOs can be found on the FedRAMP website.
This specialty program is covered under the A2LA Inspection Body Accreditation Program.
ISO/IEC 17020 - Requirements for the Operation of Various Types of Bodies Performing Inspection
ILAC P15 - Application of ISO/IEC 17020
R311 - Specific Requirements: Federal Risk and Authorization Management Program (FedRAMP)
Information on the FedRAMP process for recognizing cloud services providers may be found on the FedRAMP website.