This Trust Center provides you with resources demonstrating Sand Solutions' continuous commitment to safeguarding your data, ensuring privacy, and maintaining compliance. Here, you’ll find detailed information on our security practices, privacy protections, and compliance standards, reflecting our dedication to transparency and reliability. We strive to provide a secure, compliant, and resilient cloud environment, empowering you with the knowledge and resources needed to trust us as your PaaS and IaaS provider.
Annual Penetration Testing Update
Sand Solutions completed its annual penetration testing activities in accordance with the FedRAMP Penetration Test Guidance. Testing was performed by an independent 3PAO and included external phishing assessments, WebApp/API testing, network penetration testing, and authenticated tenant-to-tenant testing scenarios across the SGC2 environment.
No findings were identified during testing. We are currently reviewing the draft report.
Annual Audit Update (SOC1, SOC2, FedRAMP)
Sand Solutions is currently within its annual audit cycle for the FedRAMP Moderate Rev. 5 Annual Assessment. Activities associated with this assessment cycle include ongoing evidence collection, control validation, operational reviews, and continuous monitoring activities across all FedRAMP Moderate Rev. 5 control families.
Annual assessments for AICPA SOC 1 Type 2 and SOC 2 Type 2 have been completed with no findings identified during fieldwork. Draft reports are currently pending auditor review and issuance.
Sand Solutions is currently within its annual audit cycle for SOC 1 Type II and SOC 2 Type II. Beginning with the current cycle, the audit period has been updated to run from June 1 through April 30, with final reports issued and published to the Sand Solutions Trust Center (trust.sandsolutionslimited.com) by June 1. This change was implemented to better align audit timelines with our broader compliance program, including FedRAMP Moderate annual assessment activities. Prior audit reports covered the period from June 1 through May 31. All reports currently available in the Trust Center remain valid, and a bridge letter has been provided, where applicable, to address the transition between audit periods. Notifications will be issued through the Trust Center once updated reports are published, and users may subscribe there to receive updates. If you have any additional questions, please let us know.
Updated bridge letters for Type 2 SOC 1 and SOC 2 have been uploaded to the Trust Center and are now available for download.
FedRAMP Moderate Rev. 5 Equivalence Achieved
Sand Solutions is proud to announce that we have achieved FedRAMP Moderate Rev. 5 Equivalence in accordance with the DoD Memorandum for the Federal Risk and Authorization Management Program Moderate Equivalency for Cloud Service Provider’s Cloud Service Offerings (PDF).
This milestone, part of our initiative launched in August 2024, underscores our ongoing commitment to security, compliance, and trust.
Why this matters:
DoD FedRAMP Equivalency sets a higher standard than both standard FedRAMP Authorization and the FedRAMP Ready status many providers market. While Authorization may be granted by an agency that chooses to accept certain risks during the assessment, Equivalency requires 100% compliance with no Plans of Action and Milestones (POA&Ms) permitted. A complete Body of Evidence (BOE) is reviewed by a 3PAO, and the Risk Exposure Table (RET) must be fully remediated before equivalency can be granted.
To achieve this designation, Sand Solutions:
- Completed a full Body of Evidence (BOE) for the SGC2 (FedRAMP) environment, including our System Security Plan (SSP) with supporting policies and procedures, Security Assessment Plan (SAP), Plan of Action & Milestones (POA&M), and Security Assessment Report (SAR) — all fully remediated to meet DoD equivalency requirements.
- Met the requirements of DFARS 252.204-7012 and DFARS 252.204-7020.
Applies to: SGC2 (FedRAMP)


