Boomi Trust Center

Publicly Available Information
The Health Insurance Portability and Accountability (HIPAA) Act is a regulation is composed of a series of national standards outlining the privacy and security of protected health information. HIPAA requires the private and confidential handling of protected health information. The subsequent Health Information Technology for Economic and Clinical Health (HITECH) Act defines policies, procedures, and processes that are required to protect electronic protected health information (ePHI).

Boomi-specific Information
As regulatory oversight related to HIPAA continues to increase, ensuring compliance is more important now than ever. The Boomi Enterprise Platform has gone through an intensive third-party assessment to receive HIPAA compliance certification, demonstrating our compliance with the safeguards outlined in HIPAA. This assessment includes administrative, physical, technical, and organizational safeguards, as well as breach notifications. Boomi also goes through audits and yearly monitoring to ensure our platform remains in compliance.

• Boomi Audit: Type 1 Attestation (AT-C 105 and AT-C 205) HIPAA/HITECH)

Publicly Available Information
The Payment Card Industry Data Security Standard Data Security Standard (PCI DSS) is a set of security standards formed in 2004 by Visa, MasterCard, Discover Financial Services, JCB International and American Express. Governed by the Payment Card Industry Security Standards Council (PCI SSC), the compliance scheme aims to secure credit and debit card transactions against data theft and fraud.

Boomi-specific Information
PCI certification is considered the best way to safeguard sensitive data and information, and Boomi puts this at the forefront as we build a trusted relationship with our customers and partners. The Boomi Enterprise Platform has received attestation of compliance for service providers for PCI-DSS.

• Boomi Attestation of Compliance for PCI DSS

Publicly Available Information
System and Organization (SOC) reports utilize independent, third-party auditors to examine various aspects of a company, such as: security, availability, processing integrity, confidentiality, privacy, controls related to financial reporting, and controls related to cybersecurity.

SOC 1 reports focuses on outsourced services performed by service organizations which are relevant to a company’s (user entity) financial reporting. A SOC 2 report is an attestation report issued by an independent Certified Public Accounting (CPA) firm. Its focus addresses operational risks of outsourcing to third-parties outside financial reporting. These reports are based on the Trust Services Criteria which include up to five categories: security, availability, processing integrity, confidentiality, and/or privacy.

Boomi-specific Information
System and Organization Controls (SOC) reports enable customers to feel confident that Boomi is operating in an ethical and compliant manner. No one likes to hear the word audit, but SOC reports establish credibility and trustworthiness for our customers and partners. Boomi Enterprise Platform services Boomi Integration, Boomi DataHub, Boomi B2B/EDI Management, and Boomi API Management are SOC1 & SOC2 Compliant.

Boomi undergoes SOC 1 and SOC 2 examinations annually, and consistently achieves and maintains our compliance. These examinations focus on the Boomi Enterprise Platform and the suitability of the design and operating effectiveness of controls relevant to security and confidentially.

• SOC 1 Compliance Report
• SOC 2 Compliance Report

Publicly Available Information
Boomi has achieved certification for compliance with ISO/IEC 27001:2013, 27701:2019, 27017, and 27018. These certifications are performed by independent third-party auditors. Our compliance with these internationally-recognized standards and code of practice is evidence of our commitment to information security at every level of our organization, and that Boomi’s security program is in accordance with industry leading best practices.

Boomi-specific Information

• ISO/IEC 27001:2013 is a security management standard that specifies security management best practices and comprehensive security controls following the ISO/IEC 27002 best practice guidance. ISO/IEC 27001:2013 requires the development and implementation of a rigorous security program, which includes an Information Security Management System (ISMS) that defines how Boomi manages security in a holistic, comprehensive manner. Boomi’s 27001:2013 ISO certification also includes control objectives from ISO 27017:2015 and ISO 27018:2019 which provides guidance on both the information security aspects of cloud computing and the protection of personal data in the cloud.
• ISO/IEC 27701:2019 is a privacy standard that specifies requirements and guidelines to establish and continuously improve a Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII). It is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards and provides a set of additional controls and associated guidance intended to address public cloud PIMS and PII management requirements. Boomi’s 27701:2019 ISO certification also includes control objectives from ISO 27017:2015 and ISO 27018:2019 which provides guidance on both the information security aspects of cloud computing and the protection of personal data in the cloud.

Documents

• ISO 27001 Certification
• ISO 27701 Certification
• ISO/IEC 27701:2019 is a privacy standard that specifies requirements and guidelines to establish and continuously improve a Privacy Information Management System (PIMS), including processing of Personally Identifiable Information (PII). It is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards and provides a set of additional controls and associated guidance intended to address public cloud PIMS and PII management requirements. Boomi’s 27701:2019 ISO certification also includes control objectives from ISO 27017:2015 and ISO 27018:2019 which provides guidance on both the information security aspects of cloud computing and the protection of personal data in the cloud.

Publicly Available Information
The Cloud Security Alliance (CSA) is “the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.” The Consensus Assessments Initiative Questionnaire (CAIQ) provides a set of questions a cloud consumer and cloud auditor may wish to ask of a cloud service provider to ascertain their compliance to cloud security best practices.

Boomi-specific Information
Boomi has responded to this questionnaire to provide our customers and prospects with the information necessary to evaluate Boomi’s cloud security controls.

• Boomi Response to the Questionnaire is available here.

Boomi’s Business Continuity Plan (BCP) defines how we respond and recover in an emergency or a disaster. The purpose of a BCP is to minimize the effects of disasters or events that disrupt business operations and to reduce the risk of losses. We developed this plan using industry-accepted methodologies – including robust Business Impact Analysis. The plan encompasses principles of high-availability engineering for our software products and the SaaS products we use to operate. Our BCP aims to make it possible to quickly return to normal conditions after a disaster or event that disrupts company operations.

Boomi’s Disaster Recovery (DR) plan outlines the procedures followed to quickly and efficiently recover Boomi’s services, by focusing on establishing procedures and guidelines to recover Boomi’s services in the event of a disaster. Boomi’s DR plan forms part of Boomi’s business contingency plan (BCP) and establishes business impact analysis (BIA), risk assessment along with recovery strategies.

Cyber Essentials Plus

Boomi’s Cyber Essentials Plus certification demonstrates our commitment to cybersecurity, assuring customers that their data is handled with the utmost care. This UK government-backed certification validates that Boomi has implemented robust security measures to protect against common cyber threats, building trust and confidence in their platform. For UK-based customers, this certification also fulfills a key requirement for many government contracts, simplifying procurement processes and opening doors to new business opportunities.

Cyber Essentials Plus certification offers several key benefits beyond the standard Cyber Essentials certification:

1. Increased Assurance: Unlike Cyber Essentials, which is based on a self-assessment questionnaire, CE+ involves an independent qualified assessor. This provides higher assurance to customers, partners, and stakeholders that your organization’s cybersecurity measures are effective and meet the required standards.
2. Verified Protection: The assessment and vulnerability scans in CE+ verify that the technical security controls are implemented correctly and working as intended. This gives you greater confidence that your organization is protected against a broader range of cyber threats.
3. Continuous Improvement: The CE+ assessment provides valuable insights into your organization’s security posture, identifying areas for improvement and helping you maintain a strong security foundation.

In summary, Cyber Essentials Plus certification provides a higher level of assurance, verifies the effectiveness of your security controls, and supports continuous improvement of cybersecurity posture. The Cyber Essentials badge helps an organization demonstrate the ability to:

• Identify potential risks to better protect against common cyber threats.
• Adopt proper security controls to protect customer data.
• Become compliant with UK government expectations for Cyber Security Essential requirements and eligible to bid on UK government contracts.

You can find verification of Boomi’s Cyber Essentials Certificate on the NCSC website.

• Cyber Essential Certificate
• Cyber Essentials Plus Certificate

DORA (Digital Operations Resilience Act)

The Digital Operational Resilience Act (DORA) aims to establish a new benchmark for Information & Communication Technology (ICT) resilience across the EU financial sector. It applies to all financial sector entities operating within the EU: banks, investment firms, insurance companies, payment providers, etc. and their third-party data and service providers like Boomi.

Boomi enables DORA compliance through robust security measures, 3rd party certifications and audits. Our Financial Services Addendum, available through your account executive, outlines Boomi’s additional support for our Customers, subject to DORA.

Attached is our DORA Mapping guide, which helps you understand how our contract package meetings the obligations of Article 30’s key contractual provisions

Publicly Available Information
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.
Established in 2011, FedRAMP is a government-wide program that provides a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies. FedRAMP standardizes security requirements for the authorization and ongoing cybersecurity of cloud services in accordance with FISMA , OMB Circular A-130 and FedRAMP policy.

Boomi-specific Information
Boomi’s sponsoring agency, the United States Agency for International Development, and the FedRAMP Program Management Office (PMO) has determined Boomi has met the requirements for the controls in the FedRAMP Moderate baseline. FedRAMP Authorization indicated that Boomi has passed the rigorous security and risk management review process required to offer the Boomi platform to federal agencies, a mandate for any cloud service provider that serves the federal government. Boomi’s FedRAMP authorized services are a portion of Boomi’s offerings. Not every product or service is FedRAMP. Also, there are configuration steps required to implement the FedRAMP controls when you want that more controlled environment; for information on how to purchase and configure our FedRAMP offering please reach out to your Boomi Account Manager and request more information about our FedRAMP services.

Boomi is officially listed on the FedRAMP Marketplace – the central, online portal of approved cloud service offerings available for federal government use.

Boomi announces its FedRAMP Moderate Authorization achievement, Aug 2019
Those interested in the FedRAMP-certified Boomi Enterprise Platform please visit:

• Boomi Public Sector Website
• FedRAMP Marketplace
• federal.sales@boomi.com

Publicly Available Information

FIPS are standards and guidelines for federal computer systems that are developed by National Institute of Standards and Technology (NIST) in accordance with the Federal Information Security Management Act (FISMA) and approved by the Secretary of Commerce. These standards and guidelines are developed when there are no acceptable industry standards or solutions for a particular government requirement.

Boomi-specific Information

As part of our FedRAMP Authorized offerings we have implemented FIPS 140-2 encryption for our data at rest and in transit. For more detailed information please review our FedRAMP information or contact us.

Publicly Available Information
Founded at the beginning of 2020, StateRAMP was born from the clear need for a standardized approach to the cybersecurity standards required from service providers offering solutions to state and local governments. StateRAMP is a membership organization comprised of service providers offering IaaS, PaaS, and/or SaaS solutions, third party assessment organizations, and government officials.

Boomi-specific Information
The Boomi products are StateRAMP Authorized and are available for state and local government organizations on the StateRAMP Authorized Product List. Through achieving StateRAMP Authorized status, Boomi is showing its commitment to offering a secure product that meets and exceeds the security requirements of our state & local customers. To learn more about how Boomi works to support state and local governments, please reach out to our team. Boomi is currently pursuing StateRAMP Authorization via FedRAMP reciprocity. We are currently StateRAMP “in-Process” and are working closely with the StateRAMP PMO for next steps and timing. In the meantime, Boomi continues to be FedRAMP Authorized and meets the relevant and related NIST 800-53 Controls. StateRAMP website For more information on The State, Local, and Education sector at Boomi, please go here.

The Information Security Registered Assessors Program (IRAP) provides a fully validated and assessed security framework for Australian Government Customers. The IRAP program’s responsibility model is designed to ensure compliance with the Australian Government Information Security Manual (ISM). As part of the IRAP process, assessors have audited and reviewed Boomi’s compliance with these controls.

The IRAP goal is to maximize the security of Australian federal, state, and local government data by focusing on the information and communications technology infrastructure that stores, processes, and communicates it. Boomi is compliant with IRAP standards for our Boomi Enterprise Platform (including Managed Cloud Service, B2B/EDI Management, and Event Streams, with Integration, API Management, DataHub, and Flow workflow management).

Boomi-specific Information
“With the temperature of the Australian security environment rising, maintaining strict standards for data protection and cybersecurity set out under the IRAP framework is more critical than ever, particularly as cross-agency and global cooperation become all the more necessary to mitigate risks.”

-David Irecki, Chief Technology Officer (CTO) for Asia-Pacific and Japan at Boomi, August 2024

“Boomi’s achievement of IRAP assessment further solidifies our commitment to providing the highest levels of security and data protection for Australian organisations, particularly those in government and critical infrastructure sectors. This accomplishment underscores our dedication to meeting the stringent requirements of handling sensitive information, particularly at a time when governments are facing increasing threats both locally and globally.”

-Carl Siva, Chief Information and Security Officer at Boomi, August 2024.

• Boomi Reaffirms Commitment to Security with Successful IRAP Reassessment for Entire Enterprise Platform
• For more information please contact Tech.Compliance@boomi.com.

Laws and Regulations
Boomi, LP is committed to complying with all applicable laws and regulations. This includes U.S. laws related to the export and re-export of our products, services, and/or technical data (the “Boomi Products”) such as the following, without limitation:

• The Export Administration Regulations (EAR) (15 C.F.R. §§ 730.1 to 774.1), administered by the Bureau of Industry and Security of the U.S. Department of Commerce
• The International Traffic in Arms Regulations (ITAR) (22 C.F.R. §§ 120.1 to 130.17), administered by the Directorate of Defense Trade Controls of the U.S. State Department (Boomi does not have any products subject to ITAR)
• The Foreign Trade Regulations (FTR) (15 C.F.R. §§ 30.1 to 30.74), administered by the Census Bureau of the Commerce Department
• The Foreign Assets Control Regulations (FACR) (31 C.F.R. §§ 501.101 to 598.901), administered by the Office of Foreign Assets Control of the U.S. Department of the Treasury

Boomi Product License Information
Boomi, LP has obtained a formal Commodity Classification for its Boomi Products confirming the applicable Export Control Classification Numbers (ECCN) for each product. A complete Boomi Product Export Control Classification List can be found here. All Boomi Products in the Product Export Control Classification List are eligible for export with No License Required or are eligible for export under provisions of License Exception ENC. Any person or entity that exports, re-exports, or transfers the Boomi Products is responsible for compliance with any applicable U.S. export control laws, and to provide classification information at the time of export or re-export. It is the responsibility of any person or entity exporting or re-exporting the Boomi Products to provide the correct ECCN and Boomi makes no warranty or representation as to the accuracy or reliability of these classifications which are subject to change.

Export Restrictions
In accordance with the applicable U.S. export laws and regulations, Boomi prohibits the export, re-export, transfer, or provision of access of the Boomi Products to or by the following:

• Any entity or individual national of a country subject to U.S. embargoes or trade sanctions including of Cuba, Iran, North Korea (Democratic People’s Republic of Korea), Syria, Crimea, Donetsk, Luhansk regions of Ukraine, or any other country where it is known or have reason to know it would be contrary to U.S. or applicable laws or regulations.
• Any entity or individual on the Consolidated Screening List available at www.trade.gov/consolidated-screening-list For purposes of this policy, export, re-export, transfer, or provision of access shall include in-country transfers whether for the sale of Boomi Products or for beta, quality assurance, demonstration, or other purposes.

Please contact the Boomi Legal Department at Legal-Notice@boomi.com with any questions regarding export compliance for the Boomi Products.

Publicly Available Information
The Voluntary Product Accessibility Template is a document that explains how information and communication technology (ICT) products such as software, hardware, electronic content, and support documentation meet (conform to) the Revised 508 Standards for IT accessibility.

Boomi-specific Information
At Boomi, our mission is to empower organizations to instantly connect everyone to everything that they want. This mission requires us to work to ensure that everyone, regardless of their needs, is fully able to use and connect with our products. Boomi is committed to ensuring that accessibility remains a key focus throughout our development cycle. We work to understand and implement both emergent regulatory and legal requirements as well as industry standards and customer requested features. Our teams are trained on accessibility best practices so that we can improve accessibility throughout our platform. We are constantly working to ensure our new features and products meet the needs of individuals, organizations, and governments internationally. We are always looking for feedback and suggestions on how we can improve. Please let our accessibility teams know either through your assigned Success specialist, through the Boomi Community, or through e-mailing accessibility@boomi.com.

Documents

• Latest VAPT Report

Regulatory Compliance
Boomi agrees to adhere to all applicable laws and regulations in its use and development of AI. We stay informed about current and emerging laws and regulations that impact the use and development of AI tools and integrate regulatory compliance into the design, development, and use of AI tools through the entire lifecycle.

Accountability and Oversight
Boomi uses human oversight and control in the development, implementation, and use of AI tools. The development of AI is an iterative process and such oversight facilitates AI tools that perform as expected, in line with these principles, and continuously improving.

Data Privacy and Security
Boomi develops, implements, and uses AI tools that are secure according to the highest of industry standards. We understand the critical importance of our customers’ and partners’ data and we aim to prevent the unauthorized disclosure of such data. More information can be found through Boomi’s relevant security and privacy links provided below.

Risk Management
The value of AI tools is only as valuable so long as the benefits of the tools outweigh any potential risks. Boomi systematically identifies and assesses potential risks associated with the use and development of AI tools. Regular risk assessments are integrated into every stage of the AI lifecycle to proactively address emerging challenges.

Fairness and Non-Discrimination
Boomi is committed to the principles of diversity, equity, inclusion, and belonging. Boomi believes that it is imperative that the use of AI promotes fair and non-discriminatory results while minimizing bias. We implement human oversight, training, and other rigorous processes to uphold fairness and equality with respect to all individuals, particularly in the instance of people in protected or marginalized classes.

Transparency and Openness
Boomi wants its customers and partners to understand the capabilities and limitations of our AI tools. We do not deploy AI where we cannot explain its functionality and processes. This includes a thorough understanding of the data and models used in the development of our AI tools to confirm reliability. We strive to be transparent about the use of AI within our products. More information on the functionality, purpose, and limitations of Boomi’s AI tools can be found at the links below.

Human Rights and Welfare
Boomi implements mechanisms and safeguards to protect human rights such as freedom, dignity, and autonomy of individuals, customers, and partners in the use of our AI tools. We are committed to designing AI systems that actively avoid causing harm and contribute to the well-being and welfare of individuals, customers, and partners.

Ethical AI Design and Development
Boomi prioritizes the needs, rights, and well-being of all people in our AI design, development, and use. Ethical considerations are embedded into every stage of the AI lifecycle to confirm our AI tools are fair, equitable, and avoid bias.

Model Understandability
Boomi’s AI models are designed to be comprehensible and interpretable to our customers and partners. We strive to make available the necessary resources to help users understand the function, purpose, and limitations of our AI models. For more information, please refer to the links below.

Decision Justification
Boomi is committed to providing clear and detailed justifications for the decisions and recommendations made by our AI tools. We aim to be transparent about the data inputs that influence AI outputs so that our customers and partners understand the reasoning behind AI-driven outcomes.

Algorithmic Transparency
Boomi strives to be transparent in our use and development of AI toward our goal of fully demonstrating the source data, models, and outputs to our customers and partners. Boomi’s goal is to allow our customers and partners to trust Boomi’s compliance with these principles, particularly in the areas of security and data protection. For more information, please visit the links below.

Environmental Impact
Boomi recognizes the importance of minimizing the environmental impact of AI development and use. As we develop our AI systems, we strive for energy-efficiency and to reduce resource consumption to minimize our carbon footprint at every stage of their lifecycle, including in our disposal of AI systems.

Resource Efficiency and Optimization
Boomi is committed to optimizing the use of resources in our AI development processes. We consider concepts of computational power, data, and other resources. We aim to deliver our AI tools that perform at a high level while minimizing resource consumption.

Long-Term Viability and Scalability
Boomi’s AI tools are developed and deployed with long-term sustainability and scalability in mind. We strive to make our AI tools adaptable to future technological advancements and scalable to meet growing demands sustainably over time.

Socio-Economic Inclusiveness
Boomi aims to make our AI tools benefit all segments of society that utilize our AI tools. This includes providing non-discriminatory access to our AI tools and developing solutions that help our customers and partners promote their businesses in a socially responsible manner.

Boomi takes the privacy of our customers, partners and their customers and end-users seriously. Boomi has taken measures to support our customers’ and partners’ compliance with data protection requirements, including those set forth in the General Data Protection Regulation (“GDPR”), and other applicable data protection laws, such as the Data Protection Act 2018 of the United Kingdom and Section 3 of the United Kingdom’s European Union (Withdrawal) Act 2018 (“UK GDPR”), the Swiss Federal Act on Data Protection 1992, related data protection and privacy laws of the member states of the European Economic Area, Australia’s Privacy Act 1988, and the California Privacy Act 2018 (“CCPA”), each as applicable and as amended, repealed, consolidated or replaced from time to time.The global privacy landscape is ever evolving, and, as a result, Boomi’s privacy team has resources aligned by each business and functional organization to monitor our privacy program’s effectiveness and changes in applicable privacy laws.

The remainder of this page is intended to provide an overview of such resources and related information.

The EU’s General Data Protection Regulation (GDPR) is one of the most stringent data privacy laws in the world. It regulates not only personal data in the EU, but also EU citizen data that’s being transferred to the U.S. In addition to our GDPR compliance efforts, Boomi is proud to be a participant in the EU-U.S. Data Privacy Framework, the UK-US Data Privacy Framework and the Swiss-US  (DPF). Developed by the US Department of Commerce, the EU Commission, the UK Government and the Swiss Federal Administration, this framework, confirms that the US has adequacy status, for secure and compliant transfers of personal data between these countries and the United States, as if they remain inside the EU ensuring adherence to stringent data protection standards.

By integrating DPF principles into our operations, Boomi provides our customers and their end-users with additional confidence in the protection of their personal data. At Boomi, we are dedicated to keeping your data secure, our commitment to global privacy frameworks ensures your data is handled securely, transparently, and in compliance with evolving international regulations.

More information can be found here, while Boomi’s listing can be found via the DPF listing.

Initially, our GDPR Accountability Statement, which addresses our Privacy Program is located here. In GDPR terms, Boomi is a Processor with regard to the personal data that we process through the Boomi services on behalf of our customers (the Controller or Processor), in accordance with the Boomi Documentation and our underlying agreement with you. Where Boomi is a processor, our data processing agreement (DPA) shall apply to the provision of our services to you, the customer.

Boomi is a controller with regard to the personal data that Boomi collects and for which it determines the purposes and the manner in which the personal data is to be processed. Details of the data collected by Boomi in its capacity as Controller and our use of this data are described in our Privacy Policy.

Boomi engages various sub-processors to provide its services to you, the customer. Boomi maintains an up-to-date list of all sub-processors used by Boomi in connection with our services. All sub-processors engaged by us have suitable data processing agreements in place which impose obligations that are (a) relevant to the services sub-processors are to provide and (b) materially similar to the rights and/or obligations imposed on Boomi under our DPA.

Boomi’s standard DPA includes the SCCs adopted by the European Commission (EC) in June 2021. Our DPA confirms that the SCCs will apply automatically whenever customer usage of Boomi’s services involve the transfer of customer data to a country outside of the European Economic Area which has not received an adequacy decision from the EC (i.e., a “third country”).

As part of our DPA, these new SCCs will apply automatically. Through the use of the Boomi’s DPA (and the incorporated SCCs therein), customers can be comfortable that any personal data transferred to a third country via Boomi’s services has the same high level of protection that customer data receives in the EEA.

Boomi provides the following additional information which can help you, our customer, asses Boomi’s privacy and security program, including your own Transfer Impact Assessment:

• Data Flow White Paper
• Transfer Impact Assessment
• Transparency Report

Boomi’s DPA also contains our standard CCPA promise to you (and your data subjects). Thus, in addition to the numerous other applicable promises set forth in the DPA and elsewhere, Boomi will process personal data on behalf of the customer and will not retain, use, or disclose the personal data of any California residents for any purpose other than those set out in the underlying customer agreement (including the DPA) and as permitted under the CCPA. Furthermore, in no event will Boomi sell any personal data.

Boomi provides the following additional information which can help you, our customer, asses Boomi’s privacy and security program, including your own Transfer Impact Assessment:

• Data Flows White Paper
• Transfer Impact Assessment
• Transparency Report

Publicly Available Information
The Federal Risk and Authorization Management Program (FedRAMP) provides a standardized approach to security authorizations for Cloud Service Offerings.

Established in 2011, FedRAMP is a government-wide program that provides a cost-effective, risk-based approach for the adoption and use of cloud services by the federal government. FedRAMP empowers agencies to use modern cloud technologies, with an emphasis on security and protection of federal information by providing a standardized approach to security and risk assessment for cloud technologies and federal agencies. FedRAMP standardizes security requirements for the authorization and ongoing cybersecurity of cloud services in accordance with FISMA , OMB Circular A-130 [PDF – 536KB] … https://www.whitehouse.gov/wp-content/uploads/legacy_drupal_files/omb/circulars/A130/a130revised.pdf, and FedRAMP policy.

Boomi-specific Information
Boomi’s sponsoring agency, the United States Agency for International Development, and the FedRAMP Program Management Office (PMO) has determined Boomi has met the requirements for the controls in the FedRAMP Moderate baseline. FedRAMP Authorization indicated that Boomi has passed the rigorous security and risk management review process required to offer the Boomi platform to federal agencies, a mandate for any cloud service provider that serves the federal government. Boomi’s FedRAMP authorized services are a portion of Boomi’s offerings. Not every product or service is FedRAMP. Also, there are configuration steps required to implement the FedRAMP controls when you want that more controlled environment; for information on how to purchase and configure our FedRAMP offering please reach out to your Boomi Account Manager and request more information about our FedRAMP services.

Boomi is officially listed on the FedRAMP Marketplace – the central, online portal of approved cloud service offerings available for federal government use.

Those interested in the FedRAMP-certified Boomi Enterprise Platform please visit:

• Boomi Public Sector Website
• FedRAMP Marketplace
• federal.sales@boomi.com

View Supplier Principles

View Partner Code