Key takeaways:
TransUnion has achieved FedRAMP Ready status, marking a major milestone in its ability to securely deliver cloud-based solutions to U.S. government agencies. This designation streamlines compliance, reduces audit burdens and accelerates the deployment of advanced identity, fraud, and risk-based decision-making tools tailored to the public sector.
Authored by Stuart Levy, Vice President of Identity for TransUnion's public sector business
Information for good — those are the words we live by at TransUnion. To be a trusted service provider to government, commercial enterprise and consumers, we are experts at data governance, security and privacy. Operating in regulated industries around the globe, we have robust technology and significant resources dedicated to ensuring we meet or exceed the latest industry standards for data security. Like any organization, strategy drives our investment priorities — including our information security goals.
FedRAMP: A true partnership with industry
Anyone serving in the US public sector understands the complexity of complying with various standards — often making significant investments just to get a seat at the table. It’s refreshing when government uses true partnership with industry to streamline regulatory compliance. FedRAMP is this type of program, providing an attainable framework to accelerate government access to critical cloud-based applications and services.
How FedRAMP accelerated government access to TransUnion solutions
We sought to accelerate the availability of advanced capability into our FedRAMP cloud such as: mature graph-based entity resolution; the industry standard for American public data coverage and accuracy; NIST conforming and multi-layer access controls such as behavioral metrics; highly performing government ID document verification; user device evaluation; synthetic identity reporting and risk-based decisioning. All on a platform designed for government.
FedRAMP’s design and management by the FedRAMP Program Management Office was critical to our strategy. The program enabled us to eliminate numerous other audits and related infosec initiatives. This allowed us to focus our infosec personnel on a single well-documented standard. It also aligned with our security and privacy by design product development philosophy, necessary for all of TransUnion’s products. Of paramount importance was the FedRAMP Program Management Office, which is highly responsive to commercial cloud service provider and agency needs, including initiatives such as FedRAMP 20-X.
Onboarding a well-known managed platform-as-a-service, also provides a proven framework of pre-configured, pre-documented, and inheritable controls that includes people, process, and technology. This engagement will drastically cut the time for audit preparation thereby removing barriers to a series of anticipated ATO’s and has already proven critical in quickly getting us to FedRAMP Ready status.
FedRAMP Ready and beyond
Leveraging a well-defined and managed program, FedRAMP enables TransUnion to deliver critical services to our agency clients and other public sector organizations. Our services are important for reducing fraud, waste and abuse, automating previously manual processes, and improving governments’ ability to better serve constituents. Learn more about our public sector offerings, our identity and fraud solutions or look for us on the FedRAMP Marketplace.
