Become DMF audit certified to access the Limited Access Death Master File (LADMF).
In 2016, the Social Security Administration began requiring security certification for companies accessing the SSA Death Master File. In response, Lazarus Alliance began offering companies ACAB DMF audit certification assessments. Today, we remain one of the most experienced LADMF DMF audit certification firms in the nation.
Lazarus Alliance primarily uses the NIST Framework for Improving Critical Infrastructure Cybersecurity and the NTIS Limited Access Death Master File (LADMF) Certification Program Publication 100 as guidelines to satisfy the requirements of the rule. Alternatively, we will also examine existing FedRAMP, StateRAMP, SOC 1, SOC 2, or ISO 27001 certifications and attestations. In accordance with NTIS Limited Access Death Master File Certification Program Publication 100, Lazarus Alliance Security & Risk Services evaluates criteria to include:
- Information Secure Storage
- Restricting Access to LADMF Information
- Disposing of Limited Access DMF Information
- Information Security guidance in accordance with ACAB DMF audit requirements
Additionally, we conduct an initial scoping of the environment where we will determine, based on how and where the LADMF is handled, the extent to which we can “pull-forward” testing results from any previous assessments. Upon completion of the DMF audit assessment, and upon the satisfactory completion of any associated remediation efforts, Lazarus Alliance submits a completed LADMF ACAB Systems Safeguards Attestation Form (Form NTIS FM100A) in accordance with NTIS procedures, to the NTIS on our client’s behalf.
We work smarter, not harder, to drive down your costs by giving you access to Continuum GRC's ITAM application, the number one ranked LADMF-ready SaaS GRC DMF audit software solution. This solution is the only FedRAMP certified assessment application tailor-made for the LADMF.
We have years of experience working with our clients and for our clients, not against them with scope creep and annual price hikes.
Proactive not Reactive
We work with our LADMF clients proactively throughout the year to help prevent threats to your LADMF compliance program.
With the time and expense required to remain LADMF DMF audit certified, you don't want to risk a compliance exposure that would drive up your costs and invalidate your valuable attestation.
Start to Finish in Record Time
Our proven LADMF 3PAO assessment approach and technology dramatically improve the completion process. We average a huge 46% reduction in the traditional assessment time due to our critical path methodology, proactive philosophy and usage of the Continuum GRC ITAM platform. You have 24/7 access, allowing everyone to get in and get out quickly.
Talk with one of our experts
Our Lazarus Alliance Cybervisor™ teams have experience performing thousands of assessments for organizations providing services to clients around the world.
We're here to answer any questions you may have.
More In-Depth Program Information
The LADMF, or Limited Access Death Master File, contains sensitive information that cannot be disclosed during the three-year period following an individual’s death, including:
- Social Security Number
- Date of Birth
- Date of Death
Effective November 28, 2016, organizations face a more stringent certification process to be granted access to the DMF. To access the DMF, an individual or entity must:
- Have a legitimate fraud prevention interest; or
- Have a legitimate business purpose pursuant to a law, government rule, regulation, or fiduciary duty
The main changes that organizations need to be prepared for are:
- Annual recertification by the organization seeking access
- Third-party conformity attestation every three years
- Agreement to scheduled and unscheduled audits, conducted by the National Technical Information Service (NTIS) or the Accredited Conformity Assessment Body (ACAB) at the request of NTIS
- Fines up to $250,000 per year for noncompliance
The entity wishing to access the DMF must submit written attestation from an ACAB to prove that the appropriate systems, facilities, and procedures are in place to safeguard information and maintain the confidentiality, security, and appropriate use of the information.
To better understand the requirement, organizations can find the sample certification forms here:
- Subscriber Certification Form – Sample
- Accredited Conformity Assessment Body Systems Safeguards Attestation Form – Sample
- State or Local Government Auditor General or Inspector General Systems Safeguards Attestation Form – Sample
Subscriber Certification must be completed annually. The LADMF Systems Safeguards Attestation Form must be completed every three years.
The U.S. Department of Commerce’s National Technical Information Service (NTIS), the governing body behind the DMF, can conduct both scheduled and unscheduled compliance audits and fine organizations up to $250,000 for noncompliance, with even higher penalties for willful violations. Due to the potential for substantial fines, it is important that entities be able to implement the appropriate systems, facilities, and procedures to safeguard the information.
How Lazarus Alliance Can Help
Lazarus Alliance is an ACAB that can attest to the systems and procedures organizations have in place. Lazarus Alliance utilizes various published information security standards, including NIST 800-53, AICPA SOC 2, and ISO 27001, to satisfy the rule’s audit requirements.
Since 2017, Lazarus Alliance has been working to help our clients meet their DMF audit requirements, and has successfully submitted the appropriate attestation forms to NTIS, resulting in certification for our clients. We have extensive experience testing the controls required by LADMF and understand the certification process and requirements.