Capabilities Overview

Transcription

1 Premier Provider of egov Services to the Commonwealth of Virginia Capabilities Overview May 2015 Your One Stop Shop for egov Services CAI ITCL Statement of Work Contract Application Development VITA egov Hosting Contract VA AISN VITA egov Operations and Maintenance Contract VA BPI Virginia SWaM Small Business #

2 Table of Contents Our Contracts... 2 Build: CAI Virginia IT Contingent Labor Contract Statement of Work (SOW)... 2 Host: VA AISN Hosting Services... 2 Maintain: VA BPI Web Applications Maintenance and Operations... 2 Our Services... 3 Application Development... 3 Application and Website Hosting... 3 Vulnerability Scanning for Applications and Websites... 3 HIPAA and FISMA Compliant Hosting... 3 Microsoft Azure... 3 Cloud Services... 3 PCI Compliant Payment Portals... 3 AIS Network Security and Compliance... 4 NIST Framework... 4 FISMA... 4 HIPAA... 4 SSAE PCI Compliance... 5 Contact Us... 6 Page1 AIS Network 8300 Greensboro Dr., Ste. 1100, McLean, VA Colonial Parkway, Inverness, IL Phone: x x 123

3 Our Contracts Currently supporting almost two dozen agencies, AIS Network is your One Stop Shop for egov services. As a SWaM certified Small Business, we can help your agency meet its SWaM targets, while building, hosting, and maintaining your application, portal, or website using the following contract vehicles. Build: CAI Virginia IT Contingent Labor Contract Statement of Work (SOW) As an authorized sub contractor to CAI, AISN can build your application, portal or website as a fixed price, deliverables based project. AISN can also provide Staff Augmentation services under this contract. More information on this contract can be found here: Host: VA AISN Hosting Services This egov Hosting Service statewide contract allows AISN to provide scalable hosting solutions for Web and non Web based applications and data to all public bodies in the Commonwealth of Virginia, including state agencies, universities, school systems and localities. There are no restrictions or limitations for nonexecutive branch agencies or other public entities. More information on this contract can be found here: Maintain: VA BPI Web Applications Maintenance and Operations As an authorized sub contractor to BroadPoint, AISN can provide: Operations and Maintenance for your new or existing web applications, and Payment Processing Applications (Including development, maintenance, and hosting). More information on this contract can be found here: Page2 AIS Network 8300 Greensboro Dr., Ste. 1100, McLean, VA Colonial Parkway, Inverness, IL Phone: x x 123

4 Our Services Some of the common solutions we offer are found below. However, we realize one size doesn t fit all, and are always ready to help you customize a solution for your unique needs. Application Development AISN offers fixed priced, deliverables based application development services under the Virginia IT Contingent Labor SOW Contract (aka CAI Contract). AIS Network delivers high quality website and application development with a deep understanding of our clients requirements and a focused eye on the target audience. AIS Network maintains expertise in content management systems such as SharePoint, SiteCore and WordPress along with programming frameworks like PHP, ASP.NET and C#. Application and Website Hosting Organizations that have mission critical websites that absolutely must be available turn to AISN. Whether it is a high profile geo redundant site such as or VDEM s and whether you are using SharePoint, Wordpress, Sitecore, Drupal, some other CMS, or no CMS at all, AISN has a customized solution to meet your needs. Vulnerability Scanning for Applications and Websites AISN offers vulnerability scanning, reporting, and remediation services to help your agency meet its requirements under SEC 501. Our Base Package consists of a single scan and report for $995, but we offer volume discounts for agencies requiring scans of multiple sites, or periodic scans of the same site. Remediation services are provided based on an agreed upon Scope of Work for your particular situation. We are committed to providing a customized package to meet your needs, so give us a call to discuss. HIPAA and FISMA Compliant Hosting All AISN hosting services are HIPAA and FISMA compliant and include the high security required to safeguard PHI, PII, and other sensitive data. By supporting your most sensitive sites, applications and databases in our state of the art data centers, AISN can help you maintain Health Insurance Portability and Accountability Act (HIPAA) of 1996 compliance. Microsoft Azure in addition to our High Security/High Compliance services, AISN also resells Microsoft Azure public cloud services. Cloud Services AISN offers Cloud Based Disaster Recovery, Public Cloud (great for test/dev servers, public facing websites, or sandboxing), High Security Private Cloud (Organizations that require high levels of compliance, security, scalability, enhanced performance, and availability choose the AISN High Security Private Cloud) and Hybrid Cloud. PCI Compliant Payment Portals Any network involved in transmitting credit card data must maintain PCI Compliance. Through the BroadPoint O+M contract, AIS Network delivers Commonwealth Security Approved solutions to ensure that the transmission of data always remains secure and compliant. Page3 AIS Network 8300 Greensboro Dr., Ste. 1100, McLean, VA Colonial Parkway, Inverness, IL Phone: x x 123

5 AIS Network Security and Compliance AISN understands security. We maintain high levels of compliance to serve customers ranging from federal agencies to state agencies to international pharmaceutical companies. We know how to handle and protect your sensitive information. NIST Framework AISN maintains a written Privacy Policy that governs the collection, maintenance, use and dissemination of personally identifiable information (PII). As part of its overall compliance strategy, including compliance with FISMA, AIS has implemented the NIST security control framework (800 53). These controls are reviewed annually by an independent third party as part of a comprehensive Risk Assessment process. FISMA AISN has successfully completed a FISMA Moderate Compliance Audit. This verifies that AIS Network recognizes the importance of information security by following a tailored set of baseline security controls from NIST Special Publication , and documents the physical, administrative, and technical safeguards AISN has implemented, the effectiveness of the AIS Network Risk Management Strategy, and how AISN s controls achieve FISMA Moderate compliance. HIPAA AISN s audit program ensures we stay abreast of the latest developments, including the recent changes to the HIPAA Security Rule. AIS Network offers HIPAA compliant hosting because we take the security and safekeeping of our clients PHI extremely seriously. All of our hosting services are HIPAA compliant and include the high security required to safeguard your Protected Health Information (PHI) data. We strive to comply with HIPAA regulations by implementing and maintaining a multi faceted, stringent Risk Assessment Process that takes into account the threats against PHI. AISN s Risk Assessment Program contains the following elements: Annual risk assessments Risk based selection and implementation of controls Ongoing monitoring of controls Semi annual testing and adjustment of controls Reporting to management for annual program update SSAE 16 Operating within an SSAE 16 audited data center does not make a hosting company SSAE 16 compliant. Our company AND our data centers maintain this level of compliance. SSAE 16 auditing standards focus on the controls of a service organization that are relevant to an audit of a user entity s financial statements. Federal regulations such as Sarbanes Oxley, Gramm Leach Bliley and the Health Insurance Profitability and Accountability Act (HIPAA) Page4 AIS Network 8300 Greensboro Dr., Ste. 1100, McLean, VA Colonial Parkway, Inverness, IL Phone: x x 123

6 require corporations to audit the internal controls of their suppliers, including those that provide technology services. AISN has implemented best practice controls demanded by their customers to address information security risks, and has been continuously SSAE 16 audited, by independent third party auditors, since As a result of these audits, an independent, third party auditor has issued an opinion that validates these controls and has performed tests that provide assurance regarding the managed solutions provided by AISN. PCI Compliance The PCI Security Standards are technical and operational requirements set forth by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The standards apply to all organizations that store, process or transmit cardholder data. The AISN network infrastructure maintains PCI compliance and we provide PCI compliant services for agencies engaged in the transmission of PII through our network. AISN maintains compliance with Self Assessment Questionnaire C and, as an additional measure, this compliance is verified in our FISMA audits. Ongoing compliance measures include SSL Certificate Encryption, quarterly network scans by an approved scan vendor, server security monitoring and an annual self assessment. Page5 AIS Network 8300 Greensboro Dr., Ste. 1100, McLean, VA Colonial Parkway, Inverness, IL Phone: x x 123

7 Contact Us Northern Virginia Office 8300 Greensboro Dr., Ste McLean, VA Midwest Sales Office 1611 Colonial Parkway Inverness, IL Correspondence P.O. Box 1697 Falls Church, VA By Phone Main: Sales: AISN (2476) Support: AISN Fax: Jay Atkinson CEO Kurt Baumann CTO Bill Peters Director of Sales x. 123 Page6 AIS Network 8300 Greensboro Dr., Ste. 1100, McLean, VA Colonial Parkway, Inverness, IL Phone: x x 123