FedRAMP Compliance
FedRAMP is an important standard for those who are technologically connected within the U.S. Federal government network. Our Viewpoint products are part of a non-Federal Government network since U.S. Federal Government employees do not directly access our products from their workstations which are on a U.S. Federal Government network. For this reason our compliance efforts have focused on SOC II, Type 2, which consists of having an independent 3rd party review both our administrative and technical controls over the period of 12 months to gauge whether they are working or not. These reports can be made available under NDA. Additionally, Viewpoint is pursuing NIST 800-171 certifications from an independent 3rd party which is commensurate with both the information we're safeguarding and our non-Federal Government network status.
In addition, since both our Vista and Spectrum Cloud solutions are hosted in Microsoft's Azure cloud, we are able to leverage Microsoft's support for many cloud-enabled standards. In relation to this, Microsoft's Azure cloud is already approved for FedRAMP High Impact Level operations.
Please see the following link from Microsoft for more detail: https://azure.microsoft.com/en-us/blog/all-us-azure-regions-now-approved-for-fedramp-high-impact-level/
changelog
Monday, 31 July 2023 at 01:56PM:
Updated to show applicability to Spectrum as hosted in Trimble Viewpoint's ERP Cloud
Tuesday, 11 July 2023 at 04:29PM:
Added additional clarification from Trimble VP security officer around applicability of FedRAMP to Trimble Viewpoint hosted solutions.