Skip survey header

TX-RAMP Assessment Request

Please use this form to request a TX-RAMP Assessment.

Important Notes:

• Assessment requests should be submitted by the cloud service provider/manufacturer of the service. Cloud resellers should work with the cloud service provider/manufacturer to coordinate the assessment process as necessary.  DIR will not accept assessment responses for a target cloud service from an organization other than the cloud service provider/manufacturer. 

If you are a SaaS provider, please indicate the CSP as the organization that is responsible for the development/operations of the software, not the underlying IaaS provider if using a subservice organization.


• Cloud services with existing verified status/authorizations through FedRAMP and StateRAMP do NOT need to complete this form.  DIR will leverage the StateRAMP Authorized Vendors List and FedRAMP Marketplace to directly certify the applicable cloud services under TX-RAMP at the corresponding impact level.

• This form should be submitted for each independent cloud service seeking certification. If information systems have varying control implementations, then they likely require individual certifications.  Modular SaaS platforms that operate in a single environment but are licensed or sold individually likely require a single assessment and certification.

• Organizations may submit an initial request for Provisional Certification and a subsequent request for a TX-RAMP Level 1 or Level 2 Certification as needed.
 
Please contact TX-RAMP@dir.texas.gov for questions or to update an existing point of contact. Additional information may be found on the TX-RAMP webpage.
1. Primary Contact Information *This question is required.
3. Secondary Contact Information
Please provide a brief description of your company.
4. Company HUB Certification *This question is required.
6. Does your organization have a current DIR Contract? *This question is required.
7. Does your company currently provide cloud computing services to a Texas State Agency, Public Institution of Higher Education, or Public Community College? *This question is required.
8. Is your company currently bidding on a contract to provide cloud computing services to a Texas state agency, public institution of higher education, or public community college? *This question is required.
Please use the specific product/service name as listed on the company's website. If the product has multiple names, use the optional comments field to provide further information.
Please link to the direct informational URL of the cloud service/product that you would like to be considered for assessment. Do not include custom links based on customers or generic links relating to the company.
Provide a brief synopsis of the cloud computing service.  This is the information that will be displayed on the listing of certified services.  Please do not include customer-specific information. 
For SaaS Providers, the cloud service provider/manufacturer is not the underlying IaaS/PaaS provider. The manufacturer in this context is the entity responsible for the security of the product being offered overall, regardless of if the service is delivered through the use of multiple cloud providers.
13. Are you leveraging an underlying third party IaaS/PaaS provider to deliver the cloud service? *This question is required.
14. Cloud Service Model *This question is required.
Infrastructure as a Service (IaaS): The capability provided to the consumer is to provision processing, storage, networks, and other fundamental computing resources where the consumer is able to deploy and run arbitrary software, which can include operating systems and applications. The consumer does not manage or control the underlying cloud infrastructure but has control over operating systems, storage, and deployed applications; and possibly limited control of select networking components (e.g., host firewalls).

Platform as a Service (PaaS): The capability provided to the consumer is to deploy onto the cloud infrastructure consumer-created or acquired applications created using programming languages, libraries, services, and tools supported by the provider. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, or storage, but has control over the deployed applications and possibly configuration settings for the application-hosting environment.

Software as a Service (SaaS): The capability provided to the consumer is to use the provider’s applications running on a cloud infrastructure. The applications are accessible from various client devices through either a thin client interface, such as a web browser (e.g., web-based email), or a program interface. The consumer does not manage or control the underlying cloud infrastructure including network, servers, operating systems, storage, or even individual application capabilities, with the possible exception of limited user specific application configuration settings.

 
15. Cloud Deployment Model *This question is required.Public Cloud: The cloud infrastructure is provisioned for open use by the general public. It may be owned, managed, and operated by a business, academic, or government organization, or some combination of them. It exists on the premises of the cloud provider.

Hybrid Cloud: The cloud infrastructure is a composition of two or more distinct cloud infrastructures (private, community, or public) that remain unique entities, but are bound together by standardized or proprietary technology that enables data and application portability (e.g., cloud bursting for load balancing between clouds).

Community Cloud: The cloud infrastructure is provisioned for exclusive use by a specific community of consumers from organizations that have shared concerns (e.g., mission, security requirements, policy, and compliance considerations). It may be owned, managed, and operated by one or more of the organizations in the community, a third party, or some combination of them, and it may exist on or off premises.

Private Cloud: The cloud infrastructure is provisioned for exclusive use by a single organization comprising multiple consumers (e.g., business units). It may be owned, managed, and operated by the organization, a third party, or some combination of them, and it may exist on or off premises.

 
16. Request Priority *This question is required.
Very LowLowModerateHighCritical
Provide a rationale and any relevant information as to the selected priority.
17. Does this cloud service currently have provisional certification? *This question is required.Note: This does not include the Agency Interim Provisional Certification. Certification ID numbers can be found on the list of TX-RAMP Certified Cloud Products.
 
18. Which TX-RAMP Certification Assessment Level are you requesting?  *This question is required.
If you'd like to request both provisional and level 1 or 2 at this time then select provisional here and the corresponding level for the other assessment below.

The customer agency is responsible for determining the minimum certification level required to enter or renew a contract for cloud computing services. Please consult with your customer agencies if you are unsure of what certification level to pursue. 

Refer to the TX-RAMP Program Manual for additional information in determining the appropriate certification level.
Note: this is the date requested for the assessment questionnaire to be launched to the respondent. This is not a guaranteed date for beginning the assessment, but helps identify the providers ability to readily provide information and documentation required by the assessment. This question requires a valid date format of MM/DD/YYYY.
calendar
20. Would you also like to request a Level 1 or Level 2 TX-RAMP Assessment at this time? *This question is required.A Level 1 or Level 2 assessment may be requested at a later date by completing this form or by contacting tx-ramp@dir.texas.gov. 
20. Which TX-RAMP Level would you like to request an assessment for? *This question is required.Note:  the customer agency ultimately determines the minimum certification level required for a product based upon the potential business impact of the product and the confidentiality of the agency data. Systems deemed low-impact information resources per 1 TAC § 202.1 require Level 1 certification as the minimum level.  Moderate or high impact information resources that process, store, or transmit confidential information require Level 2 certification as the minimum level.  If you are unsure as to the level required, you should consult your client agencies. 
This question requires a valid date format of MM/DD/YYYY.
calendar
The due date is required to be populated prior to launching the assessment questionnaire.  You may submit a questionnaire early, but unsubmitted questionnaires are automatically deleted 180 days after the due date.  Please select a reasonable due date to ensure the questionnaire is not deleted.   This question requires a valid date format of MM/DD/YYYY.
calendar
20. Approximately, how many Texas state agencies, public institutions of higher education, and public community colleges are currently contracting for the cloud service? *This question is required.