Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.

How To Use This Tool:  

To find answers to common RFP and RFI questions, select a tag or search for terms like "security", "performance", etc. Common questions and answers are grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available below.

Please log in to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.

© Omegabit LLC, 2023

Content tagged compliance audit.

Information Security - SOC 2, HIPAA, FERPA, FEDRAMP, PCI

Q:

Do you have documented physical security policy and procedures?

SSAE 16 / ISAE 3402 SOC 2 Type II audit or equivalent performed by a trusted source

Do you process, store or transmit FRS sensitive PII or PHI? If yes, are there documented Privacy Management Program policy and procedures?

Do you employ independent assessors or assessment team to conduct assessment of the security controls in information systems and services?

How often is this compliance audited? Please provide date and results from most recent audit.


A:

ref: SOC 2 Type II Facilities Compliance Report for Omegabit colocation facilities managed by Digital West and alternate providers (available on request).

All Omegabit facilities are audited by third-party compliance services for SOC 2 compliance and are maintained to PCI compliance standards by default. Omegabit hosted infrastructure is also frequently vetted and audited on a per-customer basis where specific compliance, e.g. PCI, FERPA, FEDRAMP, HIPAA, is required. These certifications must occur against the customer implementation and are typically performed in cooperation with the application sponsor and Client.

This technically falls under the control of our Client tenants with these requirements and their specific custom application design and implementation. However, we play a participating role in ensuring that issues relating to SOC 2/facilities compliance, data storage and transfer, and managed operations and procedures are handled in a manner that is commensurate with Client requirements. Actual secure data transmissions are accomplished via BOVPN, IPS, SSH, HTTPS, LDAPS, or similarly secure means at the discretion of the customer and their custom application design. All popular means are supported and can be enabled and secured on request. Data storage encryption is also available on request.

This is performed on a per-Client case basis as required by Client in cooperation with the auditing service or agency of their choosing. Omegabit is able to self-certify and/or work with Client-designated teams. Omegabit has established PCI, HIPAA, FERPA, and similar compliance with customers across various verticals and custom application designs. These assessments must be done on a per-Client case basis and be specific to the custom software implementation to be relevant. Compliance certifications, with the exception of Omegabit's SOC 2 facilities compliance, are not transferable across Client tenants, by definition.

The SOC-2 compliance audit is performed every 18-24 months.  


