services: IT Security

Continued recognition underscores Firm’s outstanding IT security services offerings

SAN FRANCISCO, May 11, 2021 — BPM, one of the 50 largest public accounting and advisory firms in the country, has been recognized as a Registered Provider Organization (RPO) by the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB).

The CMMC-AB is an independent nonprofit organization that authorizes and accredits third-party assessment organizations, assessors and instructors in accordance with federal requirements. The CMMC-AB offers five certification levels that reflect the reliability and achievement of a company's cybersecurity infrastructure to safeguard sensitive government information on contractors' information systems.

This registration reflects BPM’s strategic decision to become part of the CMMC ecosystem by completing a background investigation. The Firm is now listed (“registered”) on the CMMC-AB Marketplace — a registration which must be reviewed and renewed annually.

“Within the enterprises and contract agencies that wish to do business with the federal government, there is an urgent and real requirement to re-verify appropriate levels of basic cyber security,” said Sarah A. Lynn, head of BPM’s IT Security Advisory practice and Partner-in-Charge of the Firm’s Fairfield office. “CMMC audits and certification now being requirements for certain contracts, demand is so high that practitioners are often selected months before audits. This is where BPM IT Security Advisory can step in to support those desiring or required to gain CMMC certification.”

“This certification illustrates the elite level of service we reach for in our innovative and diversified Advisory practice,” said Nick Steiner, BPM’s Advisory Practice Group Leader. “Our full-service model, which addresses client needs across the business, is a key differentiator for BPM. IT security being such a major concern of our clients, we are pleased to be able to offer this timely BPM service.”

This recognition represents another achievement for BPM’s Security Operations Center (SOC), which received ISO 27001 certification in February 2021. BPM’s SOC is an innovative, fully managed SOC-as-a-Service (SOCaaS) offering that allows clients to offload some of the burden of cybersecurity and data protection. Further, the volume and domain specificity of BPM’s SOC business allows their team to provide these services more efficiently than most in-house teams, resulting in greater cost savings for clients.

Learn more about BPM’s IT Security Advisory Practice and BPM’s Security Operations Center.

About BPM

BPM LLP is one of the 50 largest public accounting and advisory firms in the country. With more than 600 professionals along the West Coast — as well as an office in Bengaluru — we help clients succeed around the world. We offer a cross-functional team approach that gives clients direct access to the best and most qualified resources. To learn more, visit us at

Related Insights