Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.


How To Use This Tool:  

To find answers to common RFP and RFI questions, select a tag or search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available below.


© Omegabit LLC, 2023


Content with tag security.

Disaster Recovery

Q:

Is there a plan for Incident Response?

Do you have a Disaster Recovery Document?

Do you have policy and procedures which document your business continuity (BC) and disaster recovery (DR)?

Do you have BC/DR plans that assure the continuity of service and products provided to meet client's RTO and/or RPO?

Are roles and responsibilities documented in the contingency plans?

Do you conduct business impact analysis at least annually?

Do you provide contingency training to your staff according to assigned roles and responsibilities at least annually?

Have you conducted BC/DR tests/exercises on this system with all appropriate parties in the last 12 months and revised the plans to address changes and problems encountered during implementation and testing?

Is the system included in your organization's business continuity and disaster recovery (BC/DR) plan?

In terms of crash and DR Omegabit offers multiple redundant layers of protection including but not limited to:

In terms of crash and DR recovery Omegabit offers multiple redundant layers of protection including but not limited to:

What type of business continuity and disaster recovery options are included as part of this solution? Is this part of the standard services?

How are the backup data stored?


A:

This is documented in Omegabit Internal Operations Wiki.

This is documented in Omegabit Disaster Recovery Handbook, Section 1.1 to 1.4 and Section 2.3

ref: Omegabit Disaster Recovery Plan TOC

Yes. Per agreed upon SLA. 

Yes. ref: Omegabit Disaster Recovery Plan TOC

Yes. ref: Omegabit Disaster Recovery Plan TOC

Yes. ref: Omegabit Disaster Recovery Plan TOC, Omegabit Operations Portal, and Training curriculums

Yes. The DR plan was recently exercised and updated in Q2 of 2017. A certified statement can be provided by executive management certifying this, provided the vetting proceeds to the next round.

ref: Omegabit Disaster Recovery Plan TOC

● Logical and physical redundancy at the VMware, JVM, repository and other critical layers of the runtime environment stack

● Warm-spare redundant Liferay architecture (proposed)

● Server failover capability

● Rapid nearline backup recovery

● Comprehensive off-site DR for catastrophic failure

In the event that a high-availability portal configuration is required, redundant nodes of the HA configuration will be purposefully isolated to discrete server and backend infrastructure as a complement to that logical HA configuration, to the benefit of higher reliability and faster recovery under various logical/physical architecture failure scenarios.

Omegabit operates comprehensive SNMP and service level monitoring of all configured hosts and services.  Triggers are adjustable and set by default to detect failures as well as symptoms of imminent failure.  Monitor alerts are responded to by live personnel, 24x7x365, and acted upon according to severity, per the terms of our SLA.

The core physical host infrastructure is inherently HA in terms of disk arrays, storage and network paths, physical servers, switching, etc. Omegabit operates a modern VMware-based infrastructure. In the case of most physical failures, services are designed to continue transparently with no observable interruption to operations. In the case of logical failures, the VM, JVM, and Liferay backend service configuration is proposed as an HA setup, to practical limits. If a higher level of resilience is required than is proposed, we are able to accommodate that as additional scope. Disaster Recovery (DR) is an inherent component of the regular day-to-day operations performed by Omegabit, as a core function of the hosting operations supplied for all tenants.

Omegabit offers multiple redundant layers of protection including but not limited to:

● Logical and physical redundancy at the VMware, JVM, repository and other critical layers of the runtime environment stack

● Warm-spare redundant Liferay architecture (proposed)

● Server failover capability

● Rapid nearline backup recovery

● Comprehensive off-site DR for catastrophic failure

Backup snapshots of the entire VM stack are performed every 2 hours, and off-site archives of those backups are sent continuously to a second physical location. Retention is 48 hours for the 2-hour snapshots, 30 days for dailies, and 16 weeks for weeklies. We can accommodate longer retention if necessary. Some of these retention policies impact RPO.

For PCI, you may want logs to last up to 1 year, but that can be accomplished through application design or by depending on our backups. We recommend using both strategies depending on your reporting needs.

Backups should be considered for disaster recovery purposes only. Our retention policy is variable and based upon data volume. Depending upon the environment, rollbacks to the previous day, several days, or weeks are available, but with sporadic snapshots between periods. Therefore, a specific point-in-time recovery may not be possible. We are typically able to restore backward up to several weeks depending upon the total size of your store.

Omegabit can provide additional backup and archival services to meet specific requirements on a needs basis. Please contact your sales representative for more information.

Omegabit features a comprehensive alternate-site DR recovery plan that includes regular off-site archives using Omegabit owned and managed equipment. Backup to the public cloud (e.g. Amazon) is optional but requires special arrangement and may not be compatible with some PII/HIPAA requirements. Specific features for disaster recovery vary by tier of service; please see the SOW for complete details on RTO/RPO times and obligations.




Information Security - Change & Configuration Management

Q:

Change Management Policy?

Configuration Management Policy?

Do you have a formal change management program that documents and tests changes to determine potential security impact, and validates and approves changes to the system before implementing them in production?


A:

(Yes to all)

Change management is documented, with visibility for the customer and application sponsors, via a security ticketing system supplied by Omegabit for the purposes of approval workflow, audit, and historical record. Customer-specific wikis are also maintained to help document information that is proprietary to the Client implementation and that is important to all parties.

Configuration management is documented, with visibility for the customer and application sponsors, via a security ticketing system supplied by Omegabit for the purposes of approval workflow, audit, and historical record. Customer-specific wikis are also maintained to help document information that is proprietary to the Client implementation and that is important to all parties.




Personnel & Contractors - Security Policies

Q:

Do you have Mobile Device / BYOD / MDM Document?

Do you have Workstation Security Document?

Do you have Acceptable Use Policy?

Do you have Access Control Policy?

Do you have Remote User Policy?

Do you have a Password Policy?

Do you have an Encryption Policy?

Do you provide Personnel Security Training?

Do you have documented personnel security policy and procedures?

Do you have a Clean Desk Policy?

Are system support personnel trained on security responsibilities based on their role?


A:

This is documented in Omegabit Employee Handbook, Section 6. Rules of Conduct

This is documented in Part 2, Section 1, Workstation Security Policy, IT Security Handbook

This is documented in Part I, Section I, Acceptable Use Policy, IT Security Handbook

This is documented in Part 3, Section 3, Remote Access Policy and Part 3, Section 2, Bluetooth Baseline Requirements

This is documented in Part III, Section 3. Remote Access Policy, IT Security Handbook

This is documented in Part 1, Section 8, Password Construction Guidelines, IT Security Handbook

This is documented in Part 1, Section 5, Acceptable Encryption Policy, IT Security Handbook

Personnel Security is covered as a component of onboarding and training as it relates to work environment and surroundings. It is also a notable component of information security training as it relates to an individual's perceived value or risk with respect to access to information.

ref: Omegabit Employee Handbook

This is documented in Part I, Section 2. Clean Desk Policy, IT Security Handbook

Yes




Physical Security

Q:

Do you have a Physical Security Document?


A:

This is documented in Omegabit Internal Operations Wiki


