Our Partners close more business.
Use these powerful resources to win more business, faster, with less effort.
Call 877-411-2220 x121 for personal support with any opportunity.
RESET SEARCH
Hosting Quote Estimator
GET a FREE Sandbox or Trial Environment NOW
How To Use This Tool:
To find answers to common RFP and RFI questions, select a tag, or, search for terms like "security", "performance", etc. You will find common questions and answers grouped together in one record. Follow the tag links to refine your search. Supporting downloads and documentation are available, below.
Please login to obtain download access to additional supporting documentation. Registered users can also contribute to the database. You can request access by Contacting Us.
Supporting Documents
Please note that assets with generic thumbnail require login for access. If you require access please Contact Us.
© Omegabit LLC, 2023
Enter a Search Phrase or Select a Tag
Content with tag systems policy .
System and Communication Protection Policy
Q:
Do you have documented system and communications protection policy and procedures?
A:
Yes
System and Services Acquisition
Q:
Do you have a policy which documents your system and services acquisition program that includes information security considerations?
Do you include information security requirements, descriptions, and criteria, explicitly or by reference, in the acquisition contract for the services and products/systems?
A:
All relevant acquisitions undergo scrupulous review by senior security team members and, where relevant, senior management and are measured based on a number of risk criteria varying from cost impact, to security risk, liability, long-term sustainability, interoperability with other methods and systems, etc.
Yes. All relevant acquisitions undergo scrupulous review by senior security teams and Executive management, where relevant, and are vetted for impact relating to all facets of risk (modeled on DR and Risk Assessment considerations).
System configuration - prohibitions
Q:
Are your systems configured to provide only essential capabilities and specifically prohibit or restrict the use of unnecessary functions, ports, protocols, and/or services?
If mandatory configurations are not followed, are these exceptions document and maintained?
Do systems and softwares implement mandatory configuration settings using approved security configuration checklists?
Are only qualified and authorized individuals allowed to obtain access to system components for purposes of initiating changes, upgrades or modifications?
A:
An aggressive off before on strategy is employed by default for all levels of access and configuration.
Yes, Semi-automated
Per customer application specification and configuration requirements establish in close collaboration with Client and application development team.
Yes