Is Encodian FedRAMP compliant?

August 12th 2022
Back to all blogs

With more and more US governmental agencies digitising, data security has become a priority. So, it’s understandable asking if we’re FedRAMP (Federal Risk and Authorization Management Program) compliant. The truth is, we don’t need to be! All US governmental agencies we work with, both federal and state, opt for our Dedicated Plan, which means we install Flowr directly into your Azure tenant, meaning you have complete control. And as FedRAMP is only for cloud-based services, no cloud means no need for FedRAMP!  

What is the Dedicated Plan? 

If you’re on our Dedicated plan, Flowr, the API and services have been installed directly into your Azure Tenant, so it never leaves your infrastructure. It means that you can use Flowr as much as you need without having to worry about security risks from a third-party provider and it circumvents the need to use the cloud entirely.

If you’re wondering about how we would install it into your Azure Environment, take a look at our Dedicated plan blog post.

FISMA Compliance 

Although it is your responsibility to ensure that your company is FIMSA compliant and to audit third-party suppliers, we are happy to help by answering any questions. Many of our customers have security questionnaires they send us before adding us as a supplier, so feel free to do the same. We also regularly work with software like UpGuard, which specialises in third-party risk and attack management. 

So, can we use Encodian in the GCC?

Yes! Encodian Flowr can be installed directly into your Azure tenant. That’s what our Dedicated Plan is there for. Installing Flowr into your estate is something we have done multiple times for our high-security customers. Because we don’t store your data, you can rest assured that your information is secure whilst using Encodian. 

If you’re wondering what the GCC is, this is how Microsoft explains it: “To meet the unique and evolving requirements of the United States Federal, State, Local, and Tribal governments, as well as contractors holding or processing data on behalf of the US Government, Microsoft offers the Office 365 Government GCC environment.” It’s basically a version of Microsoft 365 specifically built for governmental agencies to ensure the highest level of security.

How can you be sure we’re doing what we say? 

We are ISO 27001 certified, an international standard to ensure we work by the best practices in the industry. As a regulated assessor evaluates us annually, if we’re not doing what we say, we lose it! As a document management company, data is our bread and butter, so we ensure that yours is as safe as possible. 


We take your data security very seriously. If you do too, please reach out to us to talk about our Dedicated Plan today

Dan Kong

Sales Director

Back to all blogs

You might also be interested in...