BrightLine Receives Accreditation From A2LA as a FedRAMP Third Party Assessment Organization (3PAO)

TAMPA, FL--(Marketwired - January 08, 2015) - BrightLine CPAs & Associates, Inc. is pleased to announce that it has received accreditation to maintain its' Third Party Assessment Organizations (3PAOs) status from the American Association for Laboratory Accreditation (A2LA). A2LA is the independent accreditation body that now performs competency and independence assessments of to 3PAO's as part of the Federal Risk and Authorization Management Program (FedRAMP). 

FedRAMP is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. This approach uses a "do once, use many times" framework that saves cost, time, and staff required to conduct redundant agency security assessments. As a part of the FedRAMP process, cloud service providers (CSPs) must hire a 3PAO to perform an initial system assessment and continuous monitoring of controls to independently validate and verify that they meet the FedRAMP requirements.

BrightLine was initially authorized to perform 3PAO assessments by the FedRAMP Project Management Office (PMO). As of last year, 3PAO accreditation has been transitioned to A2LA and 3PAOs are now required to be assessed by A2LA auditors in order to maintain accreditation by the FedRAMP PMO. The A2LA assessment process involves a rigorous onsite evaluation of technical competence of the 3PAOs, as well as an assessment of compliance with the requirements of ISO/IEC 17020:2012 titled "Conformity assessment -- Requirements for the operation of various types of bodies performing inspection." The process included a detailed review of BrightLine's quality management system with a focus on both client and engagement independence. 

"Clients often ask 'who audits the auditors'?" stated Doug Barbin, Principal and BrightLine FedRAMP Practice Leader. "As an independent assessment firm, we are overseen by A2LA as well as the ANSI Standards National Accreditation Board (ANAB) for ISO certification, the PCI Security Standards Council for QSA services, and the state CPA boards for performing attestation engagements." 

BrightLine is one of a small number of Type A designated inspection bodies, as defined by ISO 17020. As such, BrightLine is 100% independent and can only perform pre-assessment, assessment, and certification services for its CSP clients and does not perform any management consulting services. 

Inquiries and further information regarding BrightLine's FedRAMP service offerings can found at


BrightLine CPAs & Associates, Inc. is a global provider of assurance and compliance services. As the only company in the world fully accredited to provide a suite of services that includes SSAE 16 (SOC 1) examinations, SOC 2 Examinations, PCI DSS compliance validation, ISO 27001 certification, and FedRAMP authorization, BrightLine offers clients the unique opportunity to achieve multiple compliance objectives through a single third party assessor. For further information, please visit

Contact Information:

Avani Desai
Executive Vice President
866.254.0000 ext. 140