Continuum GRC Security

SaaS security at Continuum GRC is job one. All Continuum GRC customers benefit from a data center and network architecture built to satisfy the requirements of the most security-sensitive organizations. Continuum GRC cloud compliance enables our customers to understand the robust controls in place to maintain security and data protection in the cloud. Because systems are built on top of AWS cloud and AWS GovCloud infrastructure, compliance responsibilities will be shared.

By tying together governance-focused, audit-friendly service features with applicable compliance or audit standards, Continuum GRC compliance enablers build on traditional programs, helping customers to establish and operate in a Continuum GRC security control environment.

Continuum GRC Automapping at work

Compliance

Continuum GRC environments are continuously audited, with certifications and attestations from accreditation bodies across geographies and verticals. In the Continuum GRC environment, take advantage of automated tools for asset inventory and privileged access reporting.

We use our own tools exclusively to manage our own compliance program internally. When national security, cybersecurity, and your organization's competitive advantage are at risk, don't trust your data or success to anything less!

FedRAMP Authorization

FedRAMP Authorized Moderate

The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Continuum GRC is the only Risk Assessment and Management solution listed in the FedRAMP certified marketplace.

FedRAMP enables Agencies to rapidly adapt from old, insecure legacy IT to mission-enabling, secure, and cost-effective cloud-based IT. Continuum GRC created and manages a core set of processes to ensure effective, repeatable cloud security for the government.

StateRAMP Authorized

StateRAMP Authorized Moderate

StateRAMP is a program that enables cloud service providers (CSPs) to meet and demonstrate the security requirements embedded in FISMA and the NIST publications so that a State, Local, or Tribal Government Agency may outsource with the confidence that its cloud service provider is meeting those requirements. Continuum GRC is the only Risk Assessment and Management solution listed in the StateRAMP marketplace.

PCI DSS Certification

Continuum GRC is certified under the Payment Card Industry (PCI) Data Security Standard (DSS). Customers can run Continuum GRC applications on our PCI-compliant technology environment for storing, processing, and transmitting credit card information in the cloud. The Continuum GRC PCI compliance package includes the Continuum GRC PCI SAQ-D Service Provider Attestation of Compliance (AoC), which shows that Continuum GRC has been successfully validated against standards applicable to a service provider under PCI DSS, and the Continuum GRC PCI Responsibility Summary, which explains how compliance responsibilities are shared between Continuum GRC, AWS, and our customers in the cloud.

HIPAA Attestation

Continuum GRC enables covered entities and their business associates subject to the U.S. Health Insurance Portability and Accountability Act (HIPAA) to leverage the secure Continuum GRC and AWS environment to process, maintain, and store protected health information. Additionally, Continuum GRC, as of December 2015, is able to sign business associate agreements (BAA) with such customers.

Contact Continuum GRC for Compliance Reports & Certifications

You can request the reports and certifications produced by our third-party auditors, which attest to the design and operating effectiveness of the Continuum GRC environment. Report and certification requests can be made through a Continuum GRC account representative.

Security Benefits

As an AWS customer, we inherit all the best practices of AWS policies, architecture, and operational processes built to satisfy the requirements of our most security-sensitive customers. We get the flexibility and agility needed in security controls.