The product security controls that need to be implemented by CSPs must align to NIST 800-53, the standard by which RisKonsults conducts its TX-RAMP gap assessment. For CSPs, our consultants will evaluate and discuss your organization’s unique situation, advise you on what level of certification is most appropriate and conduct a gap assessment to determine where you are in your product security journey.

For state agencies and colleges, RisKonsults can evaluate your supplier risk management program if it adequately addresses the requirements of TX-RAMP. Your organization’s vendor risk management (VRM) program must incorporate the provisions of TX-RAMP to be effective. The key is to ensure your organization is adequately protected to reduce its potential exposure to third-party-related risks. The Texas Risk and Authorization Management Program (TX-RAMP) was established by the Texas Department of Information Resources (DIR) in response to Texas SB 475, which became law in 2021. In a nutshell, TX-RAMP is a certification program. All Cloud Service Providers (CSPs) to Texas State agencies, including institutions of higher education, must be certified by DIR as either Provisional, Level 1, or Level 2 status. TX-RAMP is a product-based certification, unlike ISO 27001, an ISMS certification.