Our Partners close more business.

Use these powerful resources to win more business, faster, with less effort.  
Call 877-411-2220 x121 for personal support with any opportunity.


How To Use This Tool:  

To find answers to common RFP and RFI questions, select a tag, or, search for terms like "security", "performance", etc.  You will find common questions and answers grouped together in one record.  Follow the tag links to refine your search.  Supporting downloads and documentation are available, below.


© Omegabit LLC, 2023


Content with tag: security policy.

Information Security Plan, policies and processes

Q:

Do you have a security plan for this system that defines the security controls required, and re-evaluate on an annual basis or when major changes occur?

Do you have an organization wide information security program that has been documented, approved by management and communicated to appropriate constituents?

Do you have documented security assessment and authorization policies and procedures, or equivalent?

Do you have a security authorization process for information systems?

Do you have a continuous monitoring program in which you perform ongoing security controls assessment, ongoing updates to security plan, security assessment report, and plan of action and milestones?


A:

Ref: Omegabit IT Security Handbook, Omegabit Operations Wiki and procedures

Yes. This is inherent to our regular mode of operations and procedures and is refreshed on an ongoing basis to keep pace with evolving threats and best practices. Formal reviews occur quarterly. However, these matters are addressed on an almost daily basis due to the nature of operations.

This is inherent to our regular mode of operations and procedures and is refreshed on an ongoing basis to keep pace with evolving threats and best practices. Formal reviews occur quarterly. However, these procedures are addressed on an almost daily basis due to the nature of operations. Please see the responses to tab 1 for more information. Ref: Omegabit Internal Operations Wiki and Ticketed Request systems.

This is tracked via secure customer support and ticket request systems and customer wikis. All documented changes are also timestamped and auditable for historical reference. Ref: Omegabit Internal Operations Wiki and Ticketed Request systems.

This is inherent to our regular mode of operations and procedures and is refreshed on an ongoing basis to keep pace with evolving threats and best practices. Formal reviews occur quarterly. However, these procedures are addressed on an almost daily basis due to the nature of operations. Please see the responses to tab 1 for more information. Ref: Omegabit Internal Operations Wiki and Ticketed Request systems.




Personnel & Contractors - Rules and Policies

Q:

Acceptable Use? If yes, are they required to sign/acknowledge the policy?

Code of Conduct / Ethics and conflict-of-interest? If yes, are they required to sign/acknowledge the policy?

Confidentiality Agreement / Non-Disclosure Agreement? If yes, are they required to sign/acknowledge the policy?

Are employees and contractors required to comply with security policies in which non-adherence is subject to disciplinary action, up to and including termination and/or civil or criminal liability?

Have you established rules that govern users (employees and contractors) on the expected behavior with regards to information and information system usage?

Do you have established usage restrictions and implementation guidance for wireless access?


A:

Yes.

Yes.

Yes.

Yes.

Generally speaking, any externalized service is specifically contracted to match or exceed the terms and conditions of any relevant Client project or activity and parties are required to agree to complementary terms of engagement that are commensurate with Client and SLA requirements.

Yes

 




Security Controls

Q:

Do you have a process that tests/evaluates whether the required security controls are implemented correctly, operating as intended, enforcing the desired security policy, and meeting established security requirements?


A:

Yes. This is the collective responsibility of all parties. Liferay regularly evaluates and publishes fixes for evolving threats relating to the software framework and any customizations under their direct control. Similarly, Omegabit is responsible for ensuring that the environments under its management and control are maintained and regularly checked, monitored, patched, and configured to prescribed standards, and for helping to educate and inform the Client on any related concerns or actions that may be required. It is also the responsibility of the Client to ensure that any customization or configuration inside the portal, which the Client affects or is the originator of, is thoroughly tested and maintained to standards, and to verify the integrity of its security controls inside Liferay for any and all customizations. This is particularly important during change release cycles where the underlying changes impact or relate to permissions or other key areas of security or functionality in Liferay.


