Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.


How To Use This Tool:  

To find answers to common RFP and RFI questions, select a tag or search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available below.

Please log in to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.

© Omegabit LLC, 2023


Content with tag policy.

Asset Management

Q:

Do you have an Asset Management Policy?


A:

Physical asset management is documented in the Omegabit Internal Operations Wiki as part of its asset controls for company servers and equipment. This information cannot be shared due to its proprietary and sensitive nature, but it is comprehensive and regularly updated to keep current with inventory control.




Information Security - Wireless

Q:

Do you have established usage restrictions and implementation guidance for wireless access?

Does wireless access require authorization before connection?

Are wireless connections encrypted using WPA2 or higher?

Do you monitor and restrict the connection and use of unauthorized mobile devices and writable, removable media in information systems?

Do you employ full-device encryption or container encryption to protect the confidentiality and integrity of the client information on mobile devices?

Wireless Policy


A:

Ref: Omegabit Employee Handbook, Guidelines and Operations Wiki procedures.

Yes.

Any secure communications are further tunneled and wrapped in either IPSec or SSH, depending on the nature of the connection. All Wi-Fi connections, including LAN Wi-Fi, are hardened in the same manner as public or unprotected network links.

Yes.

IPSec, SSL, SSH (256-bit)

Wireless Policy: This is documented in Part III, Section 6. Wireless Communication Standard, IT Security Handbook.




Personnel & Contractors - Rules and Policies

Q:

Acceptable Use? If yes, are they required to sign/acknowledge the policy?

Code of Conduct / Ethics and conflict-of-interest? If yes, are they required to sign/acknowledge the policy?

Confidentiality Agreement / Non-Disclosure Agreement? If yes, are they required to sign/acknowledge the policy?

Are employees and contractors required to comply with security policies in which non-adherence is subject to disciplinary action, up to and including termination and/or civil or criminal liability?

Have you established rules that govern users (employees and contractors) on the expected behavior with regards to information and information system usage?

Do you have established usage restrictions and implementation guidance for wireless access?


A:

Yes.

Yes.

Yes.

Yes.

Generally speaking, any externalized service is specifically contracted to match or exceed the terms and conditions of any relevant Client project or activity and parties are required to agree to complementary terms of engagement that are commensurate with Client and SLA requirements.

Yes

 




Personnel & Contractors - Security Policies

Q:

Do you have a Mobile Device / BYOD / MDM Document?

Do you have a Workstation Security Document?

Do you have an Acceptable Use Policy?

Do you have an Access Control Policy?

Do you have a Remote User Policy?

Do you have a Password Policy?

Do you have an Encryption Policy?

Do you provide Personnel Security Training?

Do you have documented personnel security policy and procedures?

Do you have a Clean Desk Policy?

Are system support personnel trained on security responsibilities based on their role?


A:

This is documented in Omegabit Employee Handbook, Section 6. Rules of Conduct

This is documented in Part 2, Section 1, Workstation Security Policy, IT Security Handbook

This is documented in Part I, Section I, Acceptable Use Policy, IT Security Handbook

This is documented in Part 3, Section 3, Remote Access Policy and Part 3, Section 2, Bluetooth Baseline Requirements

This is documented in Part III, Section 3. Remote Access Policy, IT Security Handbook

This is documented in Part 1, Section 8, Password Construction Guidelines, IT Security Handbook

This is documented in Part 1, Section 5, Acceptable Encryption Policy, IT Security Handbook

Personnel security is covered as a component of onboarding and training as it relates to the work environment and surroundings. It is also a notable component of information security training as it relates to an individual's perceived value or risk with respect to access to information.

ref: Omegabit Employee Handbook

This is documented in Part I, Section 2. Clean Desk Policy, IT Security Handbook

Yes




Personnel & Contractors - Termination & Transfer

Q:

Do you have a Termination and Transfer Policy?

Upon termination of an employee or contractor, do you immediately terminate access to systems, and retrieve all company assets (i.e. equipment/devices, PCs, access cards, keys, smart cards, tokens, cell phones, information and documentation)?

Upon the transfer of an employee or contractor, do you review the logical and physical access authorizations to verify that the authorizations are still appropriate?

Upon the transfer of an employee or contractor, do you review the logical and physical access authorizations to verify that the authorizations are still appropriate?


A:

Yes; this is strictly enforced as a key component of Omegabit's secure operations.

Upon termination of an employee or contractor, Omegabit immediately terminates access to systems, networks, and infrastructure (virtual and real), and retrieves all company assets (i.e. equipment/devices, PCs, access cards, keys, smart cards, tokens, cell phones, information and documentation).

This is documented in Omegabit Employee Handbook, Section 4.7

Employee handbook internal documentation and HR procedures; includes proprietary actions and is sensitive in nature.

Yes.

Yes




Physical and Facilities Security and Access

Q:

Do you have documented physical security policy and procedures?

Do you have a process that restricts and maintains access to information facilities (data centers, computer rooms, computer/network labs, and telecommunication closets), and areas with Federal Reserve information to authorized personnel only?

Are access lists and authorization credentials reviewed at least annually?

Do you authenticate visitors before allowing access to facilities that are not designated as public access?

Do you have controlled entry points that use physical access devices and/or guards to facilities?

Do you change facility keys and combinations upon loss, compromise, or individual transfer or termination?

Do you monitor physical access to facilities with real-time physical intrusion alarms and surveillance equipment?

Are visitors to the facilities logged, escorted and their activities monitored?

Do the facilities provide emergency power shutoff with switches or devices in locations where concentrations of information systems exist?

Do the facilities incorporate an uninterruptible and alternate power supply to protect against a short-term and long-term loss of primary power source?

Do the facilities have fire detection and fire suppression devices that activate automatically and notify emergency responders in the event of a fire?

Do the facilities employ automated mechanisms to monitor and maintain temperature and humidity level?

Do the facilities protect the information systems from damage resulting from water leakage by providing master shutoff valves that are accessible, working properly and known to key personnel?

Do you have formal procedures to ensure access privileges are reviewed on a periodic basis?

Describe the logical and physical security of your hosting facility.


A:

All facilities feature:

  • 24x7 on-location staffing and site access control, CCTV surveillance
  • Secure ID+Biometric access control to sensitive areas, mantraps
  • Locked Cage, Cabinet infrastructure exclusive to Omegabit host operations
  • Omegabit owns/manages all private cloud infrastructure from the public edge/redundant public interconnects
  • All data is encrypted in transit between secure endpoints
  • All Client traffic is exclusive to Client operations
  • Customer datastores are exclusive to each Client and completely isolated

ref: SOC 2 Type II Facilities Compliance Report for Omegabit colocation facilities managed by Digital West and alternate providers (available on request).

None; all data and storage is maintained and operated exclusively by Omegabit and specially authorized and trained personnel with special awareness for Liferay operations. No proposed services or facilities in this proposal are to be outsourced to an additional third party; all will be satisfied exclusively by Liferay and Omegabit and its affiliated facilities partners, where named.

Yes.

Current DL or Passport, or Government Issued ID.

Includes Biometric+Key pad, Mantraps, and human verification at all points of entry at all times; exclusive access to private locked cabinets.

Yes; all relevant access is immediately rekeyed and electronically controlled.

Yes.

Yes.

Yes.

(all locations) Commercial rack infrastructure mainline UPS (APC); private emergency generator, 100% operating capacity; pre-scheduled and guaranteed emergency fuel delivery for extended outages; regular testing and maintenance; redundant power paths to host infrastructure; locations immune to rolling outages.

Dual-interlock, dry-pipe pre-action fire suppression system.

Yes.

Yes.

Not ad-hoc, but needs basis.

 



Posted on 6/18/21 9:00 AM.