So, we are a small company (<20 full time, plus a few contractors for software development), but we have clients all over the country that operate at various state and federal levels. A few clients have started asking about StateRAMP, but I don't really want to go that route, since we also work with government clients from time to time.
What is the process like for a single person (hi, it's me) who is going to be overseeing pushing our software through the Li-SaaS baseline? Where do I start? I'm currently working on getting us CSA qualified, and I've already told the C-team that eventually we are going to have to pay for external audits and this will require ongoing support, so I'm undoing a lot of bad practices and want us to move forward the right way.
Am I wrong for thinking that I can handle the process of getting us started? I won't be doing the development, I'm just going to handle assessments and policy.
Thanks for any feedback!