Our Partners close more business.
Use these powerful resources to win more business, faster, with less effort.
Call 877-411-2220 x121 for personal support with any opportunity.
RESET SEARCH
Hosting Quote Estimator
GET a FREE Sandbox or Trial Environment NOW
How To Use This Tool:
To find answers to common RFP and RFI questions, select a tag, or, search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available, below.
Please login to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.
Supporting Documents
Please note that assets with generic thumbnail require login for access. If you require access please Contact Us.
© Omegabit LLC, 2023
Enter a Search Phrase or Select a Tag
Content with tag privacy .
Information Security - Privacy
Q:
List Information Security and Privacy policy.
A:
Due to the nature of application hosting, these practices are core and inherent to our regular of operations. A TOC outlining procedural content has been provided for reference; full content is obfuscated due to its proprietary and sensitive nature. The following outlines are provided: "Omegabit Disaster Recovery Plan TOC", "Omegabit IT Security Handbook", and the "Omegabit Employee Handbook". Collectively, these documents cover many of the issues identified in this list. Other items are covered by our Operational Wikis. Omegabit is also able to maintain a custom policy and procedures for customers with special needs, e.g. PCI, or similar compliance. A sample policy statement has been provided of an example maintained with a PCI compliant tennant. Please see also, the attachment "Federal Reserve Bank of New York - Omegabit Operations Policy Guidelines and Recommendations".
Omegabit provides extensive security training following best practices for PCI, FERPA, FEDRAMP and similar compliance modeled on industry standards and best practices. This includes emphasis on traditional IT and host infrastructure security for Internet providers, as well as specialized training relating to custom application designs and the implementation of Liferay, specifically. Many practices are modeled after requirements established from its broad base of customers operating sensitive applications for finance, healthcare, government, education and similar purposes. Omegabit is able to support most any compliance requirement and typically will establish operational policies that are considerate of best practices and the specific requirements of the Customer. A Table of Contents (TOC), outlining procedural content has been provided for reference; full content is obfuscated due to its proprietary and sensitive nature. The following outlines are provided: "Omegabit Disaster Recovery Plan TOC", "Omegabit IT Security Handbook", and the "Omegabit Employee Handbook". Collectively, these documents cover many of the issues identified in this list. Other items are covered by our Operational Wikis. Omegabit is also able to maintain a custom policy and procedures for customers with special needs, e.g. PCI or similar compliance. A sample policy statement has been provided of an example maintained with a PCI compliant tennant. Please see the attachment "Federal Reserve Bank of New York - Omegabit Operations Policy Guidelines and Recommendations".
Information Security - SOC 2, HIPPA, FERPA, FEDRAMP, PCI
Q:
Do you have documented physical security policy and procedures?
SSAE 16 / ISAE 3402 SOC 2 Type II audit or equivalent performed by a trusted source
Do you process, store or transmit FRS sensitive PII or PHI? If yes, are there documented Privacy Management Program policy and procedures?
Do you employ independent assessors or assessment team to conduct assessment of the security controls in information systems and services?
How often is this compliance audited? Please provide date and results from most recent audit.
A:
ref: Soc 2 Type II Facilities Compliance Report for Omegabit colocation' facilities managed by Digital West and alternate providers (available on request).
All omegabit facilities are audited by third-party compliance services for SOC-2 compliance are maintained to PCI compliance standards, by default. Omegabit hosted infrastructure is also frequently vetted and audited on a per-customer basis where specific compliance, e.g. PCI, FERPA, FEDRAMP, HIPAA, is required. These certifications must occur against the customer implementation and are typically performed in cooperation with the application sponsor and Client.
This technically falls under the auspice of control of our Client tenants with these requirements and their specific custom application design and implementation. However, we play a participating role in ensuring that issues relating to SOC 2/facilities compliance, data storage and transfer, managed operations and procedures, are performed in a manner that is commensurate with Client requirements. Actual secure data transmissions are accomplished via BOVPN, IPS, SSH, or HTTPS, LDAPS, or similarly secure means at the discretion of the customer and their custom application design. All popular means are supported and can be enabled and secured on request. Data storage encryption is also available on request.
This is performed on a per-client case-basis as required by Client in cooperation with the auditing service or agency of their choosing. Omegabit is able to self-certify and/or work with Client designated teams. Omegabit has established PCI, HIPAA, FERPA, and similar compliance with customers across various verticals and custom application designs. These assessments must be done on a per-Client case basis and be specific to the custom software implementation to be relevant. Compliance certifications, with the exception of Omegabit's SOC 2 facilities compliance, is not transferable across Client tenants, by definition.
The SOC-2 compliance audit is performed every 18-24 months.