Member Spotlights

Meet the Experts Shaping Secure Cloud Innovation

Donoma Software: Advancing Data Security Through StateRAMP Certification

Why did your organization become a StateRAMP member? 

Our solution is designed to meet the needs of government agencies, many of which require StateRAMP certification as a prerequisite for collaboration. Becoming a StateRAMP member allows us to align with the strict security standards required, providing assurance that we can protect sensitive data and support better business continuity and organizational intelligence.

 

What advice do you have for other providers progressing through the StateRAMP process? 

Achieving StateRAMP certification is a rigorous but necessary process that requires thorough planning and attention to detail. Building a strong, knowledgeable team to assist with collecting and interpreting the necessary requirements will make a big difference. We also highly recommend enrolling in the Progressing Snapshot program—this tool is invaluable in helping organizations streamline their path to certification by offering early guidance and feedback. The process may be challenging, but having the right support and strategy makes it more manageable and rewarding.

 

How do you stay up to date with the evolving cybersecurity landscape? 

We stay informed through a variety of channels, including both local and national user groups, and by participating in associations like the International Association of Privacy Professionals (IAPP). Additionally, we subscribe to daily security newsletters, critical alerts, and updates. We also take advantage of vendor resources for the latest news and insights, while leveraging vendor resources to stay informed of the latest developments. These efforts ensure that we remain agile and ready to respond to emerging cybersecurity challenges. 

 

How has StateRAMP benefited your organization so far? 

Achieving StateRAMP certification has enhanced credibility with our customers and partners. Being certified through such a well-respected framework not only validates our security efforts but also opens new opportunities to engage with government agencies that require compliance with StateRAMP standards. 

 

Please share any specific lessons learned from your StateRAMP journey. 

Despite holding SOC2 Type 2 certification, we quickly realized that StateRAMP demands a more thorough level of evidence and documentation. The overlap between SOC2 and StateRAMP requirements is smaller than anticipated, and StateRAMP requires deeper control validation. For companies unfamiliar with navigating compliance frameworks, we strongly encourage participating in the Progressing Snapshot program, as it provides valuable insights and guidance throughout the certification process.

 

What cybersecurity-related events, conferences, or webinars do you recommend for industry professionals? 

We recommend attending a mix of webinars hosted by professional organizations or vendors such as the SANS Institute. Vendor-specific conferences, such as those hosted by Cisco, Tenable, or KnowBe4 (KB4), as well as the RSA Annual Conference, TechNet Cyber, and IBM’s SPADE conferences, are valuable for staying up to date with the latest industry practices. Additionally, following security-focused blogs like SecurityWeek, Threatpost, and The Hacker News helps us stay informed about emerging threats and trends.

 

How can other members or organizations collaborate with your company on cybersecurity projects? 

We believe in the value of collaboration and knowledge sharing. Programs like StateRAMP’s Member Spotlight are great ways to highlight best practices and showcase how different organizations are tackling certification challenges. We welcome the opportunity to work with any organization that is looking to better secure its data with post-quantum-ready data encryption.

 

Is there anything else you would like to share with the StateRAMP community or broader cybersecurity community? 

While significant focus is placed on securing the perimeter of an organization, it’s equally important to ensure data security within the internal environment, especially when data is in use—when it is most vulnerable. This was a driving force behind the development of our OneVault solution, which helps organizations safeguard their critical data throughout its lifecycle. As the cybersecurity landscape evolves, we encourage everyone to look beyond perimeter defenses and implement solutions that protect sensitive data wherever it resides. 

About Donoma Software

At Donoma Software, we build data preservation and governance solutions that are easy to implement, easy to use and highly secure. We help organizations successfully navigate to better business continuity & agile organizational intelligence.