Government Security FAQ

Below are a list of common security questions that arise for most government agencies at the Federal, State, or Local level.

Have the IdeaScale servers undergone a SAS 70 Type II audit?

Yes. All servers in our application cluster have been audited by a 3rd party party according to the SAS 70 guidelines. A copy of this audit can be obtained by contacting support, if necessary.

Can IdeaScale communities be secured by SSL?

Yes. SSL can be enabled on an IdeaScale community. Search in the knowledge base for "SSL" for articles on how to enable this feature.

Has IdeaScale been penetration tested by an outside auditor?

Yes. Various Federal agencies have conducted security audits via manual and automated penetration tests.

Does my agency have to sign and approve a Paperwork Reduction Act waiver?

GSA and OMB determined the solicitation of ideas and comments from the public for purposes of Open Government is generally exempt from Paperwork Reduction Act requirements and review. However, GSA submitted and OMB approved an emergency standard form clearance for the rating, ranking and flagging aspect of online citizen engagement tools used for purposes of Open Government. The collection of information requirements for Open Government Citizen Engagement Ratings, Rankings, and Flagging were approved on February 1, 2010 by OMB and assigned OMB control number 3090–0288.

More info here:

http://www.reginfo.gov/public/do/PRAViewICR?ref_nbr=201001-3090-003