Certified 3rd Party Assessment Organizations, or C3PAOs, play a vital part in the CMMC Ecosystem.  Without them, CMMC assessments cannot be performed.  The CMMC Accreditation Body (“CMMC-AB”) has defined a four-phase C3PAO certification process that culminates with the C3PAO achieving ISO 17020 accreditation once the CMMC-AB is accredited under ISO 17011.  Both the CMMC-AB’s and C3PAOs’ ISO/IEC accreditation requirements are spelled out in the Statement of Work that accompanies the no-cost contract entered into by the CMMC-AB and US Department of Defense.  Although ISO accreditation is not an immediate necessity for C3PAOs to begin facilitating CMMC assessments, prudent C3PAOs are looking to learn more about the requirements and starting their audit preparations now.  We were joined on Friday May 21, 2021 by Victoria Delaney of Continuous Process Improvement Systems and Tara Lemieux of ANTS Corp. who discussed a variety of topics including the differences between ISO 17020 and 17021, what C3PAOs can expect during an ISO audit, how long an audit typically takes, and “typical” audit costs. Vicki was also kind enough to provide...

You must be a member of our Communities to access this content.  If you are a member, please login.  If you would like to join our Communities, please register.