OCD Tech, the IT Audit & Security division of O’Connor & Drew P.C., a Braintree MA CPA firm has been selected as a Candidate Cybersecurity Maturity Model Certification (CMMC) Third-Party Assessor Organization (C3PAO) by the CMMC Accreditation Body. Only C3PAOs are authorized to conduct CMMC assessments.  While OCD Tech has the Candidate C3PAO designation, until the DoD performs their own Level 3 audit of our firm, we cannot conduct the assessment as an Authorized C3PAO for the Organization Seeking Certification (OSC).   As of this writing, no C3PAOs are currently authorized to perform this level of work.

“I’m proud of everything the team here has done to get us ready for this important step in the rollout of the framework.  Especially all the work Kate Upton, IT Security Analyst, put in to make sure OCD Tech was ready to meet the strict requirements for this designation,” OCD Tech Partner Michael Hammond said. 

Definitions from the AB

• Applicant C3PAO - Companies that have APPLIED to be a C3PAO, but has not yet been cleared by the CMMC AB
• Candidate C3PAO - Companies that are CLEARED by the AB, and sent to DOD for CMMC Assessment scheduling
• Authorized C3PAO - Companies that have successfully completed a CMMC ML3 assessment
• Accredited C3PAO - Companies that have successfully completed the ISO 17020 Audit by the CMMC AB

About OCD Tech

OCD Tech is the IT Audit & Security division of O’Connor & Drew, P.C., a licensed CPA firm. The company has been providing assurance and advisory services for over 70 years. The IT Audit division provides assurance on SOC2, ISO 27001, other regulatory IT frameworks, including C3PAO for the CMMC framework. OCD Tech is headquartered in Braintree Massachusetts.  For more information about OCD Tech’s CMMC related services, visit ocd-tech.com/cmmc