State of North Dakota and GovRAMP
ND-Flag-Color

Announcements

  • As of July 1, 2023, North Dakota Information Technology (NDIT) requires a third-party assessment of all North Dakota State Agency vendors hosting and/or transmitting state data. The assessment will be part of the overall IT review for new ND systems and for system renewals.
  • Fast Track Option: Vendors with FedRAMP, GovRAMP, or HITRUST authorization will not be required to complete an NDIT third-party assessment.

Why Third-Party Risk?

The State of North Dakota has a moral responsibility to protect citizen data.  Citizens are asked to provide sensitive information to receive various state-administered services. They cannot go elsewhere to receive supplemental nutrition assistance, fishing license, mental health, or a driver’s license – just a small sample of the various critical and quality of life services North Dakota residents depend on to “Be Legendary”. NDIT defends citizen data by proactively minimizing risk on the state network, along with cloud systems and applications used to administer services.  One way to do this is to partner with GovRAMP.

What is North Dakota’s Third-Party Risk Management Program?

North Dakota’s Third-Party Risk Management (TPRM) Program ensures potential risks are identified, evaluated, and mitigated when associated with third-party vendors. TPRM focuses on due diligence activities which provides reasonable assurance that ND citizen data is safeguarded. The breadth and depth of an assessment is dependent on the type of data a vendor will store and/or transmit based on NDIT’s Data Classification Policy.

GovRAMP is a strategic partner for the State of North Dakota, as vendors who are authorized by GovRAMP are fast-tracked through the NDIT TPRM assessment process.

With GovRAMP, North Dakota’s third-party cloud IT providers ensure:

  • Government’s published cybersecurity policies and met and maintained.
  • Data is stored and processed in a secure environment.
  • A standardized approach to assessing and verifying security controls by an independent, third-party security assessor organization (3PAO).

Additionally, GovRAMP provides continuous monitoring of vendors, which allows our staff to focus on other priorities to reduce risk to our state’s citizens.

The key outcomes of TPRM are:

  • Understand security concerns when selecting a vendor.
  • Safeguard data to foster an environment of citizen trust.
  • Mitigate undue risks and costs associated with third-party breaches.
  • Compliance with legal, privacy, policies, and standards requirements.
  • Ensure Business Continuity by verifying third-party vendors have effective contingency plans.
  • Partner with vendors as cybersecurity is a shared responsibility.

Contact Information

Click below to review contact information for the State of North Dakota.

Email OMB/Procurement
Email Security/Assessment

GovRAMP Participating Governments

GovRAMP is accepted by North Carolina and other states. See a list of GovRAMP’s participating governments here.
See Participating Governments
STAY INFORMED

Receive Updates and Resources

Subscribe to receive program updates, educational briefings, and public sector implementation insights.