Anthology Commits to Key Products for TX-RAMP Authorization — Security Compliance for Cloud-Based Services in Texas
As part of Anthology’s commitment to protect clients’ data, we are continuing to obtain authorizations for our products and solutions in accordance with high security and privacy standards. Anthology has worked with select clients to obtain provisional authorization for the Texas Risk and Authorization Management Program (TX-RAMP) for key products including Anthology Student, Anthology Reach, Anthology Finance & HCM, Anthology Student Verification, Anthology Occupation Insight, Anthology Engage, Anthology Encompass, and the SaaS deployment of Blackboard Learn on Amazon Web Services (AWS) GovCloud.
Anthology is actively working to further expand the scope of products under the TX-RAMP authorization scheme. Additionally, Anthology is committed to achieving long-term authorization through StateRAMP authorizations to benefit not only our clients in Texas, but all clients across the United States.
TX-RAMP is a standardized security framework established by the Texas Department of Information Resources (DIR) for the assessment, authorization, and continuous monitoring of cloud computing services used by Texas state agencies. The TX-RAMP framework shares many commonalities with the Federal Risk and Authorization Management Program (FedRAMP) framework and the StateRAMP framework.
“We recognize that our clients own their data and expect high security standards,” said Richie Rodriguez, Chief Information Security Officer at Anthology. “Continuing to work toward security frameworks like TX-RAMP is a key part of our efforts to continuously enhance our controls and support clients through product authorizations and certifications that are externally audited, including StateRAMP, FedRAMP, ISO 27001 and SOC 2.”
Anthology has conducted in-depth reviews of the security controls across all products that are offered in the United States against the StateRAMP requirements. While it is expected that the majority of our products will be TX-RAMP and StateRAMP authorized, each product will be reviewed individually. A list of Anthology’s authorized products can be found on the TX-RAMP page.
To learn more about Anthology’s commitment to high standards of security and privacy, read the Q&A below and visit the Anthology Trust Center.
Q: What Does TX-RAMP Require?
A: TX-RAMP requires that state agencies use TX-RAMP-certified cloud computing services for new contracts or renewals of contracts if those services fall into one of the following categories:
- From January 1, 2023: Services that process, store or transmit agency data determined to be nonconfidential or determined to be a low impact information resource (TX-RAMP Level 1 Certification)
- Since January 1, 2022: Services that process, store or transmit state agency data determined to be confidential and determined to be a moderate or high impact information resource (TX-RAMP Level 2 Certification)
Cloud providers like Anthology need to demonstrate that their cloud-based services comply with the TX-RAMP security criteria to obtain and maintain the TX-RAMP certification.
Q: Which State Agencies Are in Scope?
A: TX-RAMP applies to Texas state agencies, including higher education institutions and public community colleges. It does not apply to K-12 institutions. State agencies are defined in detail in Texas Government Code 2054.003 (13). It is important to note that the designation of a product for a specific market is not relevant for the application of TX-RAMP. For instance, a public community college purchasing a service intended for K-12 would still need to ensure the service is TX-RAMP authorized.
Q: Who Needs to Obtain TX-RAMP Authorization?
A: TX-RAMP authorization is generally the responsibility of Anthology as the cloud service provider, not the responsibility of our clients. Please see below for our approach to obtaining the authorization.
Q: What Is Anthology’s Long-Term Strategy for TX-RAMP?
A: Our strategy is to maintain the TX-RAMP authorizations by obtaining StateRAMP authorizations. The TX-RAMP process provides an 18-month window to secure full authorization, which Anthology will achieve via the StateRAMP program. StateRAMP authorization is automatically recognized by the TX-RAMP framework. This strategy will also benefit our clients outside of Texas, which can be assured by the high-security standards required by the StateRAMP authorization.
Q: Which Anthology Products Will Be TX-RAMP/StateRAMP Authorized?
A: Anthology Student, Anthology Reach, Anthology Finance & HCM, Anthology Student Verification, Anthology Occupation Insight, Anthology Engage, Anthology Encompass, and the SaaS deployment of Blackboard Learn (GovCloud) are already provisionally authorized for TX-RAMP. For our other products, we are working with clients to obtain provisional TX-RAMP authorization. This provisional authorization process is defined by the TX-RAMP framework. Once we obtain a provisional authorization for a product, all Texas state agencies can rely on the authorization for this product. You can find the latest list of our TX-RAMP authorized products on the TX-RAMP page.
More Information and Resources
- Senate Bill 475 (the legal basis for the TX-RAMP framework)
- Texas Government Code 2054.003 (13) (for the definition of “state agencies”)
- StateRAMP website
- FedRAMP website
- FedRAMP authorization for the SaaS deployment of Blackboard Learn SaaS (GovCloud)