The FedRAMP program is not directly applicable to Axsy as we are 100% additive to the Salesforce Platform as an ISV that runs natively on the Salesforce Platform. With Salesforce being the underlying SaaS/PaaS for the Axsy mobile app, it is Salesforce that is responsible for supplying all the infrastructure and platform-layer controls to include endpoint protection, SIEM/monitoring, ticketing, file integrity monitoring, directory services, border protection, secrets management, multi-factor authentication, configuration management (non-software related), vulnerability management, and host-based intrusion prevention/detection.
As a native and single tenant app, Axsy fully inherits the Salesforce Platform and Salesforce Government Cloud’s certifications and compliance with standards and regulations. Details can be found at https://trust.salesforce.com/en/compliance/.
Axsy is responsible for the protection of customer data whilst in transit between the Salesforce Platform and the Axsy mobile app and when data is stored locally on the Axsy mobile app. Please see our security posture article for more details.
Furthermore, Axsy personnel have no access to their agency customers’ production environments unless explicitly granted it by the agency for support and troubleshooting purposes, where they would be treated by the agency as third-party personnel. The roles/permissions provided to Axsy as an ISV would be assigned by the agency and removed when no longer necessary. In these instances, Axsy would ensure that any personnel in a customer support role meet the personnel security requirements of the agency they are supporting.