The ScreenSteps Knowledge Base and Training Software falls into a category of software that is not subject to TX-RAMP.

From the "Texas Risk and Authorization Management Program Manual, Section IV - A: Characteristics and Categories of Cloud Computing Services Not Subject to TX-RAMP"

Certain cloud computing services are out-of-scope of TX-RAMP due to the unique characteristics of the cloud computing service. These are only out-of-scope of TX-RAMP provided that the cloud computing service does not: (1) create, process, or store confidential state-controlled data (except as needed to provide a login capability, e.g. username, password, email) or connect with agency systems or networks that create, process, or store confidential state-controlled data such that any security incident might affect such systems or networks.

The below cloud computing services are considered out of scope of TX-RAMP:

• ….
• Cloud computing services used to deliver training that do not create, process, or store confidential information;
• ….

ScreenSteps is typically used by universities, school districts, and state agencies to store non-sensitive procedural and training information - not confidential state-controlled data. ScreenSteps does not store any personal information beyond username, password, and email addresses for end-users.

Because of the nature of the data that is stored in ScreenSteps, it is not typically subject to TX-RAMP requirements.

ScreenSteps is a SOC 2 Service Organization which means we take information security very seriously. You can read more about our SOC 2 Type II attestation and what SOC 2 means here:

What is SOC 2 Compliance? What Does it Mean for Software Customers?

If you have any additional questions, please don't hesitate to contact us. A member of our team will be happy to answer any security or TX-RAMP questions that you may have regarding the ScreenSteps platform.