Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.

How To Use This Tool:  

To find answers to common RFP and RFI questions, select a tag or search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available below.

Please log in to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.

© Omegabit LLC, 2023

Content with tag risk management.

Risk Management - Assessment

Q:

Do you have a risk assessment program, policy and procedures that have been documented, approved by management and communicated to appropriate constituents?

Are risk assessments performed to identify, estimate, and prioritize risk to organizational operations and assets, individuals, and other organizations?

Do the risk assessments take into account threats, vulnerabilities, likelihood and impact, from the unauthorized access, use, disclosure, disruption, modification, or destruction of the information system and information it processes, stores, or transmits?

Does your organization regularly conduct security assessments of the system?


A:

Due to the nature of our business and services, Risk Management is an inherent part of our DR planning lifecycle and includes business factors including finance, infrastructure, personnel, liabilities, etc. A quarterly assessment of these risks is performed as part of our regular strategic planning lifecycle. This information is proprietary.

Please see the SOC 2 Type II compliance facilities report and "Federal Reserve Bank of New York - Omegabit Operations Policy Guidelines and Recommendations" document supplied with this response. We frequently participate in customer-specific audits performed by Clients using their preferred standard or methodology, typically, PCI/PII, FERPA, FEDRAMP, HIPAA, or similar compliance. These are completed by internal Client security teams or third parties, at the Client's discretion. These compliance certifications must typically be established proprietary to the customer's specific software and infrastructure implementation and are private.

This is inherent to our regular mode of operations and procedures and is refreshed on an ongoing basis to keep pace with evolving threats and best practices. Formal reviews occur quarterly. However, these matters are addressed on an almost daily basis due to the nature of operations. Please see the responses to tab 1 for more information.

Yes




Risk Management - Plan & Documentation

Q:

Is there a formal and documented process for addressing identified risk (e.g. tracking risk ownership, action plans and milestones)?

Do you have an enterprise-wide risk management program that designates individuals to fulfill specific roles and responsibilities within the organizational risk management process?

Third-party Oversight or Risk Management Plan?

Are risk findings/issues tracked and reported, and are appropriate actions taken for remediation in an appropriate amount of time on an ongoing basis?


A:

ref: Omegabit Internal Operations Wiki and Customer Environment Ticketed Request system, Omegabit Operations Portal, Omegabit IT Security Handbook

ref: Omegabit Disaster Recovery Plan TOC

Due to the nature of our business and services, Risk Management is an inherent part of our DR planning lifecycle and includes business factors including finance, infrastructure, personnel, liabilities, etc. A quarterly assessment of these risks is performed as part of our regular strategic planning lifecycle. This information is proprietary.

Liferay executes regular security assessments and publishes hotfixes and notifications concerning newly discovered threats within the Liferay framework. It is the responsibility of the Client or application sponsor to determine the applicability of these risks and to integrate published fixes into any custom-built software. As the runtime manager, Omegabit assumes responsibility to assist with the deployment of any/all compatible security-related patches or changes to the Liferay runtime and its supporting components (OS, DB, Web acceleration, etc.; the "stack", collectively), which are provided or approved for use by the application sponsor. As this relates to hosting and runtime operations, notifications are also provided concerning any relevant security or stability-related risk or action. This is addressed in the hosting SLA. Circumstances relating to security or other immediate threat are escalated and responded to with the highest internal priority.

Important Note: Most host providers will <not> monitor or respond proactively to risks at the OS level or inside the Liferay application container. This is a noteworthy and unique benefit of Omegabit Liferay Enterprise Portal Hosting services, which monitors and assumes responsibility for <ALL> layers of the application infrastructure and Liferay runtime, and maintains specific operational awareness and sensitivity to the purpose and compliance requirements of its Client's hosted environments. Omegabit monitors, manages, and responds to all relevant threat conditions - malicious or otherwise - proactively, at all layers of the infrastructure on behalf of its Client tenants.



Posted on 8/8/21 4:25 AM.

Social Media, Networking Policies

Q:

Do you have a policy that restricts the use of social media/networking sites and posting organizational information on public websites?


A:

Omegabit does not advertise or post knowledge of its customer activities or operations under any circumstance without prior knowledge and consent of any affiliation. ref: Part 1, Section 1: Acceptable Use Policy of Omegabit IT Security TOC


