Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.


How To Use This Tool:  

To find answers to common RFP and RFI questions, select a tag or search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available below.

Please log in to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.

© Omegabit LLC, 2023

Content with tag access.

Access Control

Q:

Do you have a process that authorizes and maintains a list of authorized personnel, consultants and vendors for maintenance activities? If yes, do you grant temporary credentials for one-time use or a very limited time period?

Do you allow non-local maintenance? If yes, do you employ multi-factor authentication for all sessions and network connections, and terminate connection once completed?


A:

Database, search and other ancillary services operating within the Client private infrastructure are exclusive to the use of the Client and are not shared with any other user, Client, or application except where explicitly intended by the Client application design. All database services access is restricted by firewall, connecting client IP, unique user ID, view restrictions, and strong passwords. Omegabit will implement the most secure (off before on) style of access control by default, and coordinate with the Client to make informed, security-aware changes where required for the operation of the hosted application.

Access of this nature is always chaperoned.

All administration links require two-token VPN linked authentication (pass+complex trust key), or SSH tunnel, plus single-factor authentication for console access, and additional secondary authentication for privileged access, by default. All restrictions and controls are configurable per Client requirements. Strong (15-char, complex) and unique passwords are employed, always. Optional Google two-token public authentication, digital certificates and personal keys are also supported on request. Hardware-based two-token authentication integration for Client systems is also supported as a customization.

 




Physical and Facilities Security and Access

Q:

Do you have documented physical security policy and procedures?

Do you have a process that restricts and maintains access to information facilities (data centers, computer rooms, computer/network labs, and telecommunication closets), and areas with Federal Reserve information to authorized personnel only?

Are access lists and authorization credentials reviewed at least annually?

Do you authenticate visitors before allowing access to facilities that are not designated as public access?

Do you have controlled entry points that use physical access devices and/or guards to facilities?

Do you change facility keys and combinations upon loss, compromise, or individual transfer or termination?

Do you monitor physical access to facilities with real-time physical intrusion alarms and surveillance equipment?

Are visitors to the facilities logged, escorted and their activities monitored?

Do the facilities provide emergency power shutoff with switches or devices in locations where concentrations of information systems exist?

Do the facilities incorporate an uninterruptible and alternate power supply to protect against a short-term and long-term loss of primary power source?

Do the facilities have fire detection and fire suppression devices that activate automatically and notify emergency responders in the event of a fire?

Do the facilities employ automated mechanisms to monitor and maintain temperature and humidity levels?

Do the facilities protect the information systems from damage resulting from water leakage by providing master shutoff valves that are accessible, working properly and known to key personnel?

Do you have formal procedures to ensure access privileges are reviewed on a periodic basis?

Describe the logical and physical security of your hosting facility.


A:

All facilities feature:

  • 24x7 on-location staffing and site access control, CCTV surveillance
  • Secure ID+Biometric access control to sensitive areas, mantraps
  • Locked Cage, Cabinet infrastructure exclusive to Omegabit host operations
  • Omegabit owns/manages all private cloud infrastructure from the public edge/redundant public interconnects
  • All data is encrypted in transit between secure endpoints
  • All Client traffic is exclusive to Client operations
  • Customer datastores are exclusive to each Client and completely isolated

ref: SOC 2 Type II Facilities Compliance Report for Omegabit colocation facilities managed by Digital West and alternate providers (available on request).

None; all data and storage is maintained and operated exclusively by Omegabit and specially authorized and trained personnel with special awareness for Liferay operations. No proposed services, or facilities in this proposal are to be outsourced to an additional third party and will be satisfied exclusively by Liferay and Omegabit and its affiliated facilities partners, where named.

Yes.

Current DL or Passport, or Government Issued ID.

Includes Biometric+Key pad, Mantraps, and human verification at all points of entry at all times; exclusive access to private locked cabinets.

Yes; all relevant access is immediately rekeyed and electronically controlled.

Yes.

Yes.

Yes.

(all locations) Commercial rack infrastructure mainline UPS (APC), Private Emergency Generator, 100% operating capacity; emergency pre-scheduled and guaranteed fuel delivery for extended outages; regular testing and maintenance, redundant power paths to host infrastructure; locations immune to rolling outages.

Dual-interlock, dry-pipe pre-action fire suppression system.

Yes.

Yes.

Not ad-hoc, but needs basis.

 



Posted on 6/18/21 9:00 AM.

System and Component Access

Q:

Do you track, control, authorize, and monitor information system components entering and exiting the facilities and maintain records for those items?

Do you control physical access to information system output devices (e.g. monitors, printers, audio devices, etc.) to prevent unauthorized individuals from obtaining the output?

Are there third party service providers who have access to client related data and information systems? If Yes, provide subcontractor names and services provided.


A:

Physical items received into inventory are documented using conventional means including shipping log history and notations by Receiving. As it relates to facilities, equipment added to or removed from the racks is documented in the Omegabit Operations Wiki in a manner that is timestamped, auditable, and tracked for historical purposes.

Shared common or public resources for the exchange or reproduction of secure data are not employed or permitted by policy except where explicitly approved by the Client; storage devices are encrypted for portable delivery, and electronic transfer is performed via secure protocols and encrypted/keyed document storage. Printers are not employed to output secure information except under strictly controlled conditions (e.g. hard-copy archival output of sensitive information for secure storage would occur under specifically controlled conditions; invoicing is another example of controlled output that is limited to customers that specifically require paper processing by devices with limited access by authorized personnel). Omegabit prefers electronic, individually permissioned and audit-logged access controls and methods of information exchange, for the purposes of security and whenever possible.

Be advised that by default, passwords are communicated to authorized Client users via clear-channel communications to pre-authorized destinations, e.g., email, text message, or telephone. This can happen via automated means (e.g., Liferay can mail a password or password reset link to pre-confirmed email destinations), or a Support representative may communicate a password change to a verified and authorized user via email or text communication. All of this can be disallowed and disabled at the Client's discretion.

None; all data and storage is maintained and operated exclusively by Omegabit and specially authorized and trained personnel with special awareness for Liferay operations. No proposed services, or facilities in this proposal are to be outsourced to an additional third party and will be satisfied exclusively by Liferay and Omegabit and its affiliated facilities partners where named.


