How Wellspring Built a Smarter Compliance Model for Long-Term Success

Overview

Wellspring is a leading provider of IP and innovation management solutions, helping organizations track and commercialize their research portfolios. In 2024, Wellspring acquired Sopheon, a long-time Project Hosts customer with deep roots in the public sector. The acquisition brought together two companies with different approaches to federal cloud compliance, presenting an opportunity to align strategy moving forward.

While Wellspring had already begun exploring Project Hosts as a potential partner prior to the acquisition, Sopheon’s experience validated the choice. Sopheon had worked with Project Hosts since 2017 to achieve and maintain an IL5 Authority to Operate (ATO) with a DoD sponsor, using a fully managed model to support its government clients. Wellspring, by contrast, had achieved FedRAMP Moderate internally — managing infrastructure, audits, tooling, and documentation itself. The internal effort had proven resource-intensive and difficult to sustain at scale.

The Challenge

Managing Compliance In-House Became Unsustainable

As Wellspring began integrating the Sopheon team and product line, it became clear that continuing to manage FedRAMP compliance in-house would be costly and distracting. Wellspring had already experienced the operational toll of managing authorization:

  • Competing demands on engineering resources;
  • The need for specialized knowledge; and
  • The risk of compliance-related scope creep spreading across the company.

By contrast, Sopheon had never pursued internal compliance.

“We didn’t go down the route ever of trying to do it ourselves because we just looked at that and decided that wasn’t our business, and we didn’t want to make that level of investment,” said Mark Meakins, VP of infrastructure. Instead, Sopheon chose Project Hosts as its managed compliance partner from the beginning, successfully achieving a DoD IL5 ATO.

Before the acquisition, Wellspring had already begun discussions with Project Hosts while evaluating whether to maintain its DIY model or adopt a managed approach. The Sopheon acquisition didn’t drive that decision, but it did reinforce it. Seeing how well Project Hosts had supported Sopheon gave the Wellspring team added confidence that they were choosing a proven partner with a track record of delivering results.

“Wellspring was looking at how Sopheon had worked with Project Hosts and had a good partner that understood both the FedRAMP and DoD market,” Mark explained. “Wellspring immediately said, ‘How can we transition to Project Hosts and do the same thing?’”

Our Solution

A Managed Compliance Partnership for Long-Term Success

After seeing the benefits of Project Hosts’ model, Wellspring leadership reevaluated their internal approach. They analyzed cost, staffing, vendor tool constraints, and operational overhead, and concluded that continuing to manage compliance themselves wasn’t sustainable at scale.

Rich Barndt, VP of engineering, realized he’d need a product-sized team just to handle security and compliance, and the costs of salaries, fees, and management simply outweighed the business value.

“As a small company, it wasn’t even close,” he said, estimating a 2:1 cost-benefit ratio. “Working with Project Hosts was around 30-40% cheaper than what we could’ve done ourselves.”

More importantly, Project Hosts offered assurance. As Mark explained, Project Hosts is already familiar with the FedRAMP process and knows how to interpret controls and describe them correctly.

“It takes all the guesswork out of it,” he added. “Because Project Hosts is just doing what they’ve already done, instead of when you’re doing it yourself and you don’t have any idea what the standard of excellence is.”

So, Wellspring chose Project Hosts as its managed compliance partner. The services Project Hosts provided included:

  • Creating a fully managed environment inside the GSSOne.
  • Implementing all required security controls.
  • Authoring the System Security Plan.
  • Providing government connections for authentication and SSL certificates.
  • Representing Wellspring throughout the audit.
  • Continuously monitoring the solution for ongoing compliance.

Critically, the GSSOne’s open architecture allowed Wellspring to maintain technical freedom, preserving its existing DevOps workflows. “One of our applications is a collection of Linux machines,” Mark explained. “They have different services, components, installations, and CI/CD pipelines. We’ve been able to fit all those variations into the Project Hosts framework.”

Wellspring worked closely with Project Hosts through weekly meetings, shared task tracking, and agency communications. “The process makes it very, very simple,” Mark said. “There’s a good split between application ownership and managing your application’s compliance activities.”

With deep familiarity working in both FedRAMP and DoD environments, Project Hosts became a visible asset in client engagements, too. “It gave the clients great comfort because Project Hosts immediately understood what they needed and helped guide them through the process quicker,” Rich said.

Project Hosts’ presence in these meetings enabled all parties to move faster with greater confidence instead of going in circles.

The Result

A Unified, Scalable Compliance Model

Wellspring successfully transitioned its compliance responsibilities to Project Hosts, unifying two previously distinct approaches under a single, scalable model. By offloading the infrastructure, documentation, controls, and continuous monitoring to Project Hosts, the Wellspring team was able to focus on product development, customer delivery, and strategic growth.

With faster audit cycles, improved submission quality, and a more predictable compliance roadmap, Project Hosts eliminated much of the internal overhead previously required to maintain authorization. The result?

  • Streamlined compliance efforts.
  • Reduced engineering lift.
  • No scope creep or unnecessary sprawl.
  • Flexibility and architectural control.

In addition to FedRAMP, Project Hosts helped Wellspring navigate DoD authorization. According to Rich, the members of the Wellspring team had no expertise at all in the Defense Industrial Base — but fortunately, they could leverage the specialized knowledge of their new compliance partner. Not only did Project Hosts run the process itself, but its people also spoke the DoD’s language and coordinated directly with the agency customer.

“That’s priceless,” Rich said. “We could get through the process and focus on our business, not on security and compliance — and that matters a lot.”

Wellspring is now positioned to grow its public sector footprint across federal, DoD, and state-level agencies. Project Hosts’ experience adds value to both vendor and client interactions, simplifying compliance for all stakeholders, including primes, contractors, and the broader Defense Industrial Base.

“If that’s your customer base, and you want to get started, it’s a matter of finding a partner like Project Hosts that can walk you through the system so you don’t have to do it all yourself,” Mark advised. “I think it comes down to whether you want compliance to be your main business or if you want a partner that makes it easy. If you have timeline or budget constraints, go to Project Hosts — they’re great.”

Ready to simplify your compliance journey? Connect with Project Hosts to learn how we support FedRAMP, DoD IL4 and IL5, and beyond.
