Our Partners close more business.
Use these powerful resources to win more business, faster, with less effort.
Call 877-411-2220 x121 for personal support with any opportunity.
RESET SEARCH
Hosting Quote Estimator
GET a FREE Sandbox or Trial Environment NOW
How To Use This Tool:
To find answers to common RFP and RFI questions, select a tag, or, search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available, below.
Please login to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.
Supporting Documents
Please note that assets with generic thumbnail require login for access. If you require access please Contact Us.
© Omegabit LLC, 2023
Enter a Search Phrase or Select a Tag
Content with tag change management .
Information Security - Change & Configuration Management
Q:
Change Management Policy?
Configuration Management Policy?
Do you have a formal change management program which document, test the changes to determine potential security impact, validate and approve changes to the system before implementing the changes on production?
A:
(Yes to all)
Change management is documented with visibility by the customer and application sponsors via security ticketing system supplied by Omegabit for the purposes of approval workflow, audit, and historical record. Customer specific Wikis are also maintained to help document information that is proprietary to the Client implementation and that is important to all parties.
Configuration management is documented with visibility by the customer and application sponsors via security ticketing system supplied by Omegabit for the purposes of approval workflow, audit, and historical record. Customer specific Wikis are also maintained to help document information that is proprietary to the Client implementation and that is important to all parties.
SDLC Change Management
Q:
Describe the SDLC/Program Change controls for application changes, system software changes and hardware changes, including vendor management approval and testing of changes.
How do you handle change management?
A:
Omegabit does not determine the SDLC process preferred by the Client, but is able to support specific needs relating to approval, push assistance, automation, etc.
Omegabit's seasoned Professional Services group can also serve as an extension of your development and administration teams to help with ongoing change management, optimization, security, and other critical lifecycle maintenance.
Generally speaking an authorized Client representative will use the Omegabit support ticketing system to submit a request, track its approval, and get updates on the status and outcome. With the exception of critical emergencies with eminent security risk, or in the case of a known fault remedy, Omegabit will always coordinate with the Client on change management planning, procedures, and scheduling before proceeding with modifications to the environment.
- Enter a ticket request
- Ticket will follow desired approver workflow as stipulated by Client
- Ticket is updated with status and information during processing and stored for historical reference for closed items.
System Configuration
Q:
Do you have documented configuration management policy and procedures?
Do you have and maintain current baseline configurations for each type of system?
If yes, do you review and update it at least annually?
If yes, do you review and update when significant changes?
If yes, do you review and update as an integral part of system component installations and upgrades?
Do you retain older versions of baseline configurations as deemed necessary to support rollback?
Do you conduct security impact analysis for changes to systems by qualified security professionals prior to change implementation?
A:
(Yes to all)
This is inherent to our regular mode of operations and procedures; see previous answers concerning change management and control, documentation and procedure; the same answers apply. ref: Omegabit Operations Wiki
This is inherent to our regular mode of operations and procedures; see previous answers concerning change management and control, documentation and procedure; the same answers apply. ref: Omegabit Operations Wiki
These templates and images are continuously improved and updated as new information becomes relevant to operations (monthly, typically)
System configuration - prohibitions
Q:
Are your systems configured to provide only essential capabilities and specifically prohibit or restrict the use of unnecessary functions, ports, protocols, and/or services?
If mandatory configurations are not followed, are these exceptions document and maintained?
Do systems and softwares implement mandatory configuration settings using approved security configuration checklists?
Are only qualified and authorized individuals allowed to obtain access to system components for purposes of initiating changes, upgrades or modifications?
A:
An aggressive off before on strategy is employed by default for all levels of access and configuration.
Yes, Semi-automated
Per customer application specification and configuration requirements establish in close collaboration with Client and application development team.
Yes