As the world transitions toward agile, decentralized cloud computing, numerous US federal agencies have aligned around a stringent set of common standards and practices for security and risk assessment known as FedRAMP.
Cloud services built around those FedRAMP standards are suitable for virtually any system with intensive data protection requirements, including companies that supply the defense industry, organizations that perform medical research, and more.
The overarching goal of the FedRAMP program is to “facilitate the shift from insecure, tethered, tedious IT to secure, mobile, nimble, and quick IT.” First and foremost, that means making sure that the transition to cloud computing can happen without compromising security. To achieve that, the program establishes standards and practices built around a tiered risk model. FedRAMP defines three “impact levels” (low, medium, and high) based on the potential consequences of a security breach or failure; and establishes standards for systems that fall under each of those three levels.
The FedRAMP standards focus primarily on the platform and infrastructure level. The General Services Administration (GSA) oversees those standards and authorizes cloud service providers based on compliance with a set of detailed criteria and continuous monitoring to ensure ongoing data protection. Amazon Web Services (AWS) is one of those authorized cloud service providers.
Amazon’s offering is called AWS GovCloud. It is an isolated cloud platform designed to meet strict Federal requirements for security, up to and including the “high impact” FedRAMP baseline. That makes GovCloud suitable for “any system where loss of confidentiality, integrity, or availability could be expected to have a severe or catastrophic adverse effect on organizational operations, organizational assets, or individuals.”
AWS GovCloud allows access by US persons (citizens and green-card holders), and provides segregated access via a dedicated GovCloud login for each authorized user. Qualified AWS customers can request access via the AWS Management Console, or by contacting their Amazon account representative.
GovCloud complies with a long list of other security standards as well, including NIST, FIPS, SRG, DFARS, and more. GovCloud is suitable for hosting sensitive data and regulated workloads, including the DOJ and DoD information, data pertaining to US International Traffic in Arms Regulations (ITAR), and more. Beyond that, AWS GovCloud is a good fit for any system with stringent requirements, including those that house medical records, military secrets and other classified information, financial records, and law enforcement information.
Intellect QMS on GovCloud
Intellect QMS 4.0 is a highly configurable, integrated suite of QMS applications and no-code compliance platform. Government agencies and businesses across a range of industries trust Intellect to help them improve operations and comply with stringent regulations, ISO standards, and global GxP requirements.
Intellect’s Quality Management Suite (Intellect QMS 4.0) and our No-Code Compliance Platform is available to run seamlessly on the FedRAMP-authorized AWS GovCloud infrastructure. We work with customers in regulated industries every day who have intensive security requirements. That includes government agencies and defense contractors subject to DoD guidelines; as well as medical device manufacturers and Life Science companies who collect and maintain protected health information (PHI) subject to HIPAA regulations.
Intellect’s QMS and no-code Compliance Platform for AWS GovCloud address critical system access, data storage, and technical data access compliance requirements critical for organizations in regulated industries. Data passing to and from Intellect QMS is encrypted in-transit using TLS 1.2, and connections are authenticated using AES 128 GCM with ECDHE RSA as a key exchange mechanism. We use encrypted block storage to protect data at rest. Intellect maintains a SOC2 Type 1 certification. (A copy of that certificate is available upon request.)
If your organization is looking to implement automated, highly configurable QMS to support ISO standards and improve regulatory compliance, we would like to speak with you. For organizations with stringent security requirements, Intellect QMS runs seamlessly on the AWS GovCloud platform. Contact us today to arrange a free demo.