- Application Hosting
- California Email Services
- Mobile Device Management
- Secure File Transfer
- Server Based Computing
- Tenant Managed
Page last updated on December 20, 2012
OTech is committed to providing a secure environment to meet the needs of its customers. As part of this commitment, OTech maintains an extensive security program that includes physical access control 24 hours per day, 7 days per week as well as event management and audit, intrusion protection, virus protection, and numerous other deterrent and detection methods.
To provide assurance of its commitment to security, OTech periodically engages information technology security-certified consultants to conduct vulnerability assessments, security testing, and compliance to industry standards. This process assures the security procedures and practices, used by OTech, protect systems from potentially malicious activities. Additionally, this effort tests OTech intrusion detection processes in order to identify opportunities to further reinforce their effectiveness.
For the protection of OTech and its customers, the particulars of the OTech security program are withheld. To obtain information about the OTech security, please contact an OTech Customer Service Representative to schedule a confidential discussion.
Security Consulting Services Included With Current Services
There are security descriptions for services on the following links:
Security Consulting Services We Offer to Your Organization
In addition to security consulting services that are part of a current service, the OTech Security Management Division offers security consulting services in the following areas. If you would like our assistance, please contact the Service Desk (by using the link to the right) to open a Service Request .
The State is committed to a program of active competition in the purchase of property and services. The State uses the Request for Proposal (RFP) procedure to solicit proposals from firms that are able to render professional service in areas desirable to an agency or organization. In the Information Technology arena, these RFP documents dictate proposed system requirements and Statements of Work (SOW) for which firms propose IT solutions. Due to the lengthiness of these RFPís it is easy to leave important Information Security best practices absent during its creation. In these instances, applying Information Security practices to systems beyond the RFP phase are proven to be more difficult as doing so delays project deliverables and in some cases increase project costs.
This is the best time to get OTech involved. The OTech, Security Management Division (SMD), offers services to assist you in the Information Security portions of your RFP. Information Security Specialists may be consulted with during your RFP development to ensure that the system you desire is safe and secure. Consulting with an Information Security Specialist during the development phases of your RFP will minimize or eliminate delays in your project implementation processes as a result of forgotten Information Security.
Vendor Bid Reviews (Confidential Discussions and post RFP)
The State is committed to a program of active competition in the purchase of property and services. The State uses the Request for Proposal (RFP) procedure to solicit proposals from firms that is able to render professional service in areas desirable to an agency or organization. In the Information Technology arena, these RFP documents dictate proposed system requirements and Statements of Work (SOW) for which firms propose IT solutions. Upon receiving these vendor bids, it is the responsibility of the requesting agency to review and evaluate the firm and solution for its satisfaction to the RFP.
The OTech, Security Management Division (SMD), offers consulting services during these confidential discussions with vendors to ensure Information Security practices are included in their proposed solutions. Whereas consulting with an Information Security Specialist during your RFP development is best, consultations during the bid review phases can also minimize or eliminate delays in your project implementation processes as a result of forgotten Information Security measures.
Security Architecture Review
The objectives of information security involve guarding data and information technology (IT) networks against many types of threats. Well planned security architectures are one mechanism that allows an organization to take a more planned and comprehensive approach to enterprise security. Evaluating and studying your organizationís security architecture helps assess your need for security countermeasures and determine the best approach to implement. Appropriate countermeasures will protect your data from attackers whose intentions are to do harm and support authorized users by preventing them from causing damage to IT resources.
The OTech, Security Management Division, offers consulting services to analyze your organizationís security architecture. An Information Security Specialist may assist in reviewing data flow diagrams, network infrastructure diagrams, or technical architecture diagrams for upcoming projects or existing systems. Our Information Security Specialists are available to uncover possible vulnerabilities as well as make recommendations on how to mitigate security risks of your technical architectures and/or IT projects.
Information Security Subject Matter Experts (SMEs)
The Subject Matter Expert (SME or smee) is that individual who exhibits the highest level of expertise in performing a specialized job, task, or skill within an organization. The OTech, Security Management Division, offers Information Security SMEs to its customers. Have you a need to acquire information for an IT project, obtain validation for an organizationís IT security process, or simply undergo IT security question and answer discussions, the Security Management Division is available.
Security Consulting Services We Are Planning
None at this time.
Information Security Resources
View the links below to learn more about some of the common information security topics effecting automated systems today.
- State Administrative Manual (SAM)
- National Institute of Standards and Technology (NIST) Security Controls (800-53)
- Payment Card Industry (PCI) Compliance
- Health Insurance Portability and Accountability Act (HIPAA) Ė Final Ruling
- The Office of Information Security (OIS)
- Information Systems Security Association (ISSA)
- California Highway Patrol (CHP)