When OMB released the Cloud First initiative and its FedRAMP compliance requirements, Avue became the first and only certified Federal HRLOB platform to be approved as FedRAMP Compliant.
To us, being first means taking care of our clients. We want our clients to fearlessly demonstrate they are compliant with all major HCM, acquisition, and IT requirements. FedRAMP, like the HRLoB certification, is one of the most significant initiatives of the past two Administrations, beginning with eGov in the mid-2000s and transitioning to Cloud First. OMB required that all currently implemented cloud services, and those currently in the acquisition process, meet all FedRAMP requirements or be working toward FedRAMP compliancy, as a FedRAMP In-Process system, by June 5, 2014.
What is FedRAMP? FedRAMP stands for the Federal Risk Authorization and Management Program — and all cloud-based and SaaS applications procured by the federal government — whether from an outside vendor or another federal agency — must be approved as FedRAMP compliant in order for agencies to purchase such services. This means that any HCM or payroll or HR software hosted for a federal agency, even by another federal agency, must meet the strict security and IT standards set by the FedRAMP PMO (GSA and OMB) and have demonstrated that through a rigorous and well-documented security assessment process. Independent third parties test and assess the system for compliance and the FedRAMP PMO reviews packages submitted for approval. This helps ensure that all systems you use meet governing security and risk management standards and that your data is safe and protected.
Avue’s journey to FedRAMP compliancy began with the initial announcement by the White House, OMB, and GSA in 2011. Avue stayed engaged with the FedRAMP PMO as this emerging program, its processes, and its requirements evolved. As the compliance requirements and business processes became more clear, Avue and its sponsor, the Department of Justice, Office of Justice Programs, pursued FedRAMP compliance through the Agency FedRAMP Authorization process. Avue submitted its application for entry into FedRAMP and it was accepted in July of 2012. You can learn more about FedRAMP by visiting www.fedramp.gov and see Avue listed under the FedRAMP Compliant Systems at https://www.fedramp.gov/marketplace/compliant-systems/ where you will find Avue when you expand the list under “Cloud Compliant Systems with an Agency FedRAMP Authorization.”
Our FedRAMP Compliant HCM platform means that all 15 modules within the Avue Platform operate under the most current and rigorous security and risk management standards the Federal government requires. Whether it is Talent Management, Talent Acquisition, Classification, Benefits, Position Management, Performance Management, or Learning Management, every element of the Avue HCM Platform is secure and compliant. And this isn’t a one-time process either. Avue must continuously meet all requirements, implement new requirements as defined by NIST and/or the FedRAMP PMO, and be assessed and evaluated at regular intervals during the year.
Avue clients access Avue through the Amazon Web Services GovCloud, which has received a Provisional Authority to Operate (P-ATO) from the Joint Authorization Board (JAB) under the FedRAMP High baseline. AWS GovCloud (US) is an isolated AWS region designed to host sensitive data and regulated IT workloads in the cloud, and it is operated by employees who are vetted “U.S. Persons” and root account holders of AWS accounts must confirm they are U.S. Persons before being granted access credentials to the region.
Utilizing AWS’s FedRAMP High authorization, which includes over 400 security controls, gives Avue clients the ability to leverage the AWS Cloud for highly sensitive workloads, including Personal Identifiable Information (PII), sensitive patient records, financial data, law enforcement data, and other Controlled Unclassified Information (CUI).