Why did your organization decide to become a StateRAMP member?
As we engaged with both state and local governments, there was a consistent challenge they are all facing – demographic changes are forcing CIOs and technology leaders to consider new ways to engage with their constituents. While voice remains an important channel for communications, the ability to offer new digital channels to younger citizens is taking on increased importance. This challenge requires them to provide new digital channels both securely and cost effectively.
Consistent with our experiences with Federal agencies after receiving FedRAMP authorization, the importance of having a cloud-based service offering that enhances and improves an agency’s ability to interact with the public is only one variable to consider. Security is always paramount in every discussion when introducing new technology. StateRAMP membership allows state and local IT leaders to remain focused on driving operational efficiencies and choosing the best solution based on their requirements, while knowing that a StateRAMP authorized service offering has met robust security standards to keep critical information safe and secure. This takes a major risk off the table during evaluation and implementation process for the project stakeholders.
What advice do you have for other providers going through the StateRAMP process?
While the StateRAMP process can seem daunting, the StateRAMP team provides a wide array of resources to help cloud service providers (CSP) achieve StateRAMP authorization. StateRAMP also offers email assistance at info@stateramp.org. CSPs should take advantage of all the online resources and email guidance. StateRAMP wants CSPs to succeed, and that is reflected in their dedication to the CSPs, state agencies, and assessors.
The backbone of the StateRAMP process is the risk management framework developed from NIST 800-53. CSPs must become intimately familiar with the security controls. This includes documentation, processes, and procedures necessary to meet the security requirements. StateRAMP exists to bring together CSPs, agencies, assessors, and industry experts for the mutual benefit of all. To do this, CSPs must provide the necessary information and demonstrate knowledge in cybersecurity, as tested by a third-party assessment organization (3PAO).
T-Metrics recommends finding a 3PAO as soon as possible. Establishing the relationship with a 3PAO will ensure a smooth transition through the StateRAMP authorization steps. 3PAOs must maintain a level of independence. With that, CSPs that have not navigated through a security compliance program or those with limited cybersecurity experience may wish to establish a relationship with two 3PAOs, one for the assessment and the other as an advisor.
How can other members or organizations collaborate with your company on cybersecurity projects?
T-Metrics offers an omnichannel contact center solution that is at the core of transforming how state and local agencies interact with their constituents. Success with any technology project requires vigorous planning and execution. Members and organizations that specialize in providing contact center transformation services are the ideal partners for T-Metrics to collaborate with to achieve a successful project. Also, T-Metrics offers a solution that seamlessly integrates with all major UC providers (e.g., MS Teams, Zoom, Cisco, Avaya, NEC, etc.). As such, service organizations that are upgrading and/or transforming a state’s unified communications environment can expand the project scope to include a StateRAMP authorized, highly flexible omnichannel contact center to improve the experiences of citizens.
