Date & Time
Monday, October 15, 2018, 3:00 PM - 4:30 PM
Category
Governance, Risk & Compliance
Description

Adobe Creative Cloud for enterprise, Adobe Document Cloud PDF Services, and Adobe Sign have received Agency Authorization to Operate (ATO) under the FedRAMP Tailored Baseline program for Cloud Service Providers (CSPs) with Low-Impact Software-as-a-Service (LI-SaaS) Systems. Adobe is the  first vendor in the new Federal Risk and Authorization Management Program (FedRAMP) Tailored program with the General Services Administration (GSA). The FedRAMP Tailored program makes it easier for government agencies to quickly adopt new cloud services that improve digital experiences, such as building more engaging and mobile friendly websites, signing forms electronically, and applying security to information across their networks. FedRAMP Tailored policy and requirements provide a more efficient path for solution providers to achieve a FedRAMP Agency Authorization to Operate (ATO). It was developed as an alternative to full FedRAMP authorization to enable government agencies to get qualifying solutions that do not handle sensitive information into their environments more quickly. Adobe has been partnering with key Federal government agencies since the launch of FedRAMP Tailored to help achieve authorization for several of our cloud solutions.



Over the past several years, we have been developing and implementing the open source Adobe Common Controls Framework (CCF), enabling our cloud products, services, platforms and operations to achieve compliance with various security certifications, standards, and regulations such as SOC2, ISO, PCI, HIPAA, and others. CCF is a cornerstone of our company-wide security strategy. It also provides the flexibility to quickly adapt to and tackle new compliance and certification requirements as needed for our business and solutions. The power of CCF has most recently helped us achieve the FedRAMP Tailored authorization and will continue to help Adobe adapt to constantly changing requirements. This talk will focus on how we achieved the above using our open source framework.

Speaker(s)
Prabhath Karanth; Prasant Vadlamudi; Justin Brower
Speaker Bio(s)
Prabhath Karanth has more than 8 years of experience in the audit and compliance field. He currently works as Manager of the “Technology – GRC” group @ Adobe and is responsible for managing the compliance efforts across Adobe cloud-based enterprise offerings and leads the engagement and operations for the Tech GRC function. He has led the successful implementation of CCF across Adobe which has helped Adobe achieve various compliance milestones such as SOC2, ISO, PCI, HIPPA & FedRamp Tailored Authorization. He has also championed the reengineering of several compliance/security processes across Adobe to scale them across the enterprise to achieve cost reductions and consistencies. Prior to joining Adobe Prabhath was with PwC in the systems and process assurance practice. He is one of the co-authors of Adobe common controls framework (CCF).
 

Prasant Vadlamudi has more than 10 years of experience in the audit and compliance field. He currently works as Director of the “Technology – GRC” group @ Adobe and is responsible for leading the compliance efforts across Adobe cloud-based enterprise offerings. He has been extensively involved in various cloud-based security and compliance related audits and is very familiar with frameworks like SOC2, ISO, PCI, HIPAA and FedRAMP. Prior to joining Adobe Prasant used to work with the ITRA division at Ernst and Young. Prasant is also the main architect of the Common Control Framework (CCF) by Adobe which is the cornerstone of Adobe’s company-wide compliance strategy
 

Justin has an extensive audit and compliance background working as a consultant for several years assisting clients with SOX, SOC 1/2, ISO, HIPAA and PCI compliance prior to joining Adobe’s Technology Governance Risk and Compliance group. His role at Adobe includes coordinating the ongoing PCI, SOC2/ISO and FedRamp tailored efforts across that Creative and Document Clouds

CEUs
1.8