VITA Contract VA-120416-AISN(Statewide contract available to any public entity in the Commonwealth)
Premier Provider of eGov Services to the Commonwealth of Virginia
Virginia SWaM Small Business #697064
Table of Contents
Who Is AIS Network? ... 2
Our Services ... 3
Cloud Computing ... 3
High Security Private Cloud ... 3
Disaster Recovery/Data Protection ... 3
Managed Hosting ... 4
Website Hosting ... 4
SharePoint Hosting ... 4
PCI Compliant Payment Processing ... 4
Application Development ... 4
Platform ... 4
Other Services ... 4
Monitoring and Other Services ... 5
How Secure Is AIS Network? ... 6
NIST Framework ... 6
FISMA ... 6
SSAE 16 ... 6
PCI Compliance ... 6
Does AIS Network Guarantee Its service? ... 7
Superior Response Time ... 7
Latency and Packet Loss ... 7
Network Uptime ... 7
Power and HVAC ... 8
Virtual Servers ... 8
Hardware ... 8
Who Are AIS Network Customers? ... 9
Government ... 9
Health and Pharmaceutical ... 10
Energy and Natural Resource ... 10
Financial Services ... 10
Who Is AIS Network?
Now celebrating its 21st anniversary, AIS Network takes organizations to the cloud. AISN is headquartered in
McLean, Virginia with offices in Chicago, IL and Richmond, VA. Unlike some of our competitors, AISN’s core
competency is running IT infrastructure and mission critical applications for enterprise customers who need to be
fanatical about security, compliance and network availability.
Among other distinctions, AISN is the premier provider of eGov hosting services to the Commonwealth of Virginia.
AISN hosts the Commonwealth of Virginia’s Portal www.virginia.gov, and provides hosting, High Availability, and
disaster recovery services for scores of applications and websites across more than a dozen state agencies.
We also serve major corporations and other large enterprises throughout North America, with a strong presence
in the pharma, health care, and financial services industries. As a FISMA Compliant and SSAE 16 audited hosting
company, operating from Tier 3 and Tier 4 data centers in Northern Virginia and Chicago, we take security,
compliance, and network uptime and availability very seriously. Our networks are managed to PCI, HIPAA and
Sarbanes Oxley compliance requirements.
Over the last two decades, we have made it our business to meet customers’ industrial strength requirements for
security, privacy, availability, response time, backup and recovery, continuity of operations, and records
Whether you’re using our high compliance private cloud, public cloud, hybrid cloud, or good old‐fashioned
dedicated hosting, we take the worry out of your IT. Our world‐class, disaster‐resistant facilities and commitment
to quality service ensure that our customers aren’t just satisfied—they love us.
Some of the common solutions we offer are found below. However, we realize one size doesn’t fit all, and we are
always ready to help you customize a solution for your unique needs.
o Infrastructure as a Service (IaaS)
o Platform as a Service (PaaS)
oSoftware as a Service (SaaS)
High Security Private Cloud– Organizations that require high levels of compliance, security,
scalability, enhanced performance, and availability choose the AISN High Security Private Cloud.
Microsoft selected AISN as one of seven hosting companies in the US for its Private Cloud Deployment
Program, which leverages System Center 2012, Windows Server 2012, and Hyper‐V to create a seamless
Cloud environment. AISN also has extensive experience providing Cloud services on the VMWare
Disaster Recovery/Data Protection– Rather than just backing up data files, the AISN solution
allows our customers (whether hosted with AISN or in their own data centers) to restore their protected
infrastructure to the Cloud, dramatically improving recovery times while decreasing expense. Depending
on your needs, we offer local backup, geographically dispersed cloud based backup within our network,
and geographically dispersed cloud based backup outside our network.
Bronze Silver Platinum
Local Bare Metal Backups
72 hour File Retention
4 hour Snapshots
AISN Disaster Recovery Site
Additional image of backup maintained in a
geographically remote AISN data center.
Dedicated Alternate Networking
Dedicates alternate IP addresses at
DR site for faster and guaranteed recovery.
Additional image of backup maintained in a cloud
storage facility outside of the AISN network.
o For on premise environments or hosted environments
o Rapid provisioning of physical or virtual machines
o Proactive security patching and software updates
o Managed server backup
o Advanced monitoring
o Full administrative access
Website Hosting– Organizations that have mission critical websites that absolutely must be available
turn to AISN. Whether it is a high profile geo‐redundant site such as www.virginia.gov, the Virginia
Department of Emergency Management www.vaemergency.gov, or one of the numerous production sites
for our commercial clients, AISN has a customized solution to meet your needs.
SharePoint Hosting– Among the first to deploy SharePoint 2010 and SharePoint 2013, AISN has been
hosting SharePoint for enterprise level customers for more than 12 years. From international
pharmaceutical companies, to technology companies, to consumer goods companies, some of the biggest
names in industry rely on AISN to host their mission critical SharePoint environments. Read more about
AISN and SharePoint here: http://digitalmagazine.thewhir.com/i/124989/33
PCI Compliant Payment Processing –AISN offers Commonwealth Security‐approved payment
processing capabilities under the BroadPoint O+M Contract.
Application Development –AISN offers fixed priced, deliverables based application development
services under the Virginia IT Contingent Labor SOW Contract (aka CAI Contract).
Hyper-V or VMWare
SQL, MySQL, Oracle, Informix
Operating Systems: Windows Server, Linux
High Speed SAN Storage
DNS switching service
Data replication service
Monitoring and Other Services
1. Monitoring: Infrastructure monitoring services are provided in order to ensure availability and
responsiveness of hardware, software, and services. We use IP Monitor to define remote
a. Server, router, firewall availability
b. Web site availability
c. Service availability (such as the SQL Server Service)
d. Disk space utilization
e. CPU utilization
f. and countless others
Each monitor has its own threshold and triggering criteria and defined with consultation from the
client. Actions as a result of a monitor alert include email or pager notification to a technician (and
the client, if desired), who will respond within 15 minutes or less to the alert.
2. Vulnerability and penetration monitoring are performed daily via manual reviews of web site,
server, and firewall logs. Anomalies are reported to the client. Defensive actions in emergencies
may be taken by the hosting company prior to client‐notification if a situation arises where any
delay in establishing a defense cannot be tolerated. We can also arrange for optional
vulnerability and penetration testing by independent third parties.
3. Operating system upgrades ‐ Operating systems will be kept current by patching and upgrading
as Microsoft releases its monthly updates. We will not upgrade any version of an operating
system beyond its major version number without coordination with the client. The client can opt
out of any and all patches and upgrades if they feel, for example, it may have a negative impact
on their application.
4. Software upgrades or service patch updates – This is treated similar to the operating system
upgrades above. We will maintain software as long as it’s within the same major version. We
will not upgrade any software beyond the current major version unless the client is aware of,
and agrees to the upgrade. And again, the client can opt out of any and all upgrades.
5. Operating system and hardware troubleshooting – We will provide at no cost ongoing
troubleshooting of any hardware or software issues as long as they are not caused by the
client’s activities or neglect.
6. Software Upgrades. We will install operating system and application software upgrades as
requested by the software company unless the client specifically requests to not do so. For
example, each month Microsoft releases software upgrades which Microsoft identifies as
Critical, Important, or Optional. We will apply all Critical and Important upgrades. The client can,
at their discretion, choose to not have the upgrades applied.
7. Hardware upgrades. Hardware is upgraded as needed to ensure delivery of the service we have
contracted for. In general hardware stays in place unless it breaks or there is a performance
need to upgrade. We generally have an N+1 configuration and replace any hardware that fails
How Secure Is AIS Network?
AISN understands security. We maintain high levels of compliance to serve customers ranging from federal
agencies to state agencies to international pharmaceutical companies. We know how to handle and protect your
personally identifiable information (PII). As part of its overall compliance strategy, including compliance with
FISMA, AIS has implemented the NIST security control framework (800‐53). These controls are reviewed
annually by an independent third party as part of a comprehensive Risk Assessment process.
AISN has successfully completed a FISMA Compliance Audit. This verifies that AIS Network recognizes the
importance of information security by following a tailored set of baseline security controls from NIST Special
Publication 800‐53, and documents the physical, administrative, and technical safeguards AISN has implemented,
the effectiveness of the AIS Network Risk Management Strategy, and how AISN’s controls achieve FISMA
Operating within an SSAE 16 audited data center does not make a hosting company SSAE 16 compliant. Our
company AND our data centers maintain this level of compliance. SSAE 16 auditing standards focus on the controls
of a service organization that are relevant to an audit of a user entity’s financial statements. Federal regulations
such as Sarbanes‐Oxley, Gramm‐Leach‐Bliley and the Health Insurance Profitability and Accountability Act (HIPAA)
require corporations to audit the internal controls of their suppliers, including those that provide technology
AISN has implemented best practice controls demanded by their customers to address information security risks,
and has been continuously SSAE 16 audited, by independent third party auditors, since 2009. As a result of these
audits, an independent, third‐party auditor has issued an opinion that validates these controls and has performed
tests that provide assurance regarding the managed solutions provided by AISN.
The PCI Security Standards are technical and operational requirements set forth by the PCI Security Standards
Council (PCI SSC) to protect cardholder data. The standards apply to all organizations that store, process or
transmit cardholder data.
The AISN network infrastructure maintains PCI compliance and we provide PCI compliant services for agencies
engaged in the transmission of PII through our network. AISN maintains compliance with Self‐Assessment
Questionnaire C and, as an additional measure, this compliance is verified in our FISMA audits. Ongoing
compliance measures include SSL Certificate Encryption, quarterly network scans by an approved scan vendor,
Does AIS Network Guarantee Its Service?
Our “Service Quality Guarantee” Is Our Premium SLA
At AISN, our Service Quality Guarantee provides unmatched customer service and support and offers better
guarantees of reliability, scalability and performance over the Internet by combining a premium Service Level
Agreement (SLA) with Service Quality Management.
That's the power of AISN. We can guarantee these levels of reliability and performance because we connect
redundantly to and leverage major Internet backbone connections and use intelligent, performance‐based routing
technology to select a superior path to deliver your traffic.
Superior Response Time
AISN guarantees a response in 15 minutes or less to any network server alert that may occur. With 24x7x365
onsite network engineers, you are assured of a superior and immediate around the clock response to your mission
critical web sites or applications.
Should a response take longer than 15 minutes, you will be eligible for a credit of 5% of your regular monthly fees
for that month.
Latency and Packet Loss
While AISN proactively monitors latency and packet loss within its own network, we do not proactively do this for
individual customers. If AISN becomes aware, through its own monitoring or by being alerted by a customer, that
transmission latency in excess of 55 milliseconds (“Latency”) or packet loss in excess of one percent (1%) (“Excess
Packet Loss”) is occurring between any two routers in the continental US, AISN will use reasonable efforts to
determine and correct the cause of the excess latency and packet loss.
If average packet loss is more than 1% over a one‐month period and the problem is on AISN’s LAN or WAN,
customers will be eligible for a credit equal to one day on their monthly bill. Packet loss over the Internet will be
calculated by averaging measurements between various points located in various represented geographies during
a one‐month period. If average latency exceeds 55 milliseconds over a one month period, and the problem is on
AISN’s LAN or WAN, effected customers will be eligible for a credit equal to one day on their monthly bill.
AISN guarantees that our network will be available 100% of the time in a given month, excluding maintenance
windows which are scheduled with the customer. Customers will be able to receive and transmit information
from other portions of the internet to the AISN network without “Downtime,” which is defined as a customer
experiencing sustained packet loss of more than 50%.
Customers who experience network Downtime will be eligible for a credit of 5% of their monthly fees for each 30
Power and HVAC
AISN guarantees that power and HVAC in our data centers will be functioning 100% of the time in any given
monthly billing period, excluding scheduled maintenance.
Customers who experience Downtime due to power or HVAC failures will be eligible for a credit of 5% of their
monthly fees for each 30 minutes of downtime.
AISN guarantees that all virtual servers including CPU, storage, and virtualization layer, will be functional. Should
a virtual server fail, AISN guarantees that restoration or repair will be complete within one hour of problem
Should a virtual server not be restored to functionality within one hour, the affected customer will be eligible for
a credit of 5% of their monthly fees for each hour of downtime in excess of the first hour.
AISN guarantees that all server hardware components (including processor(s), RAM, hard drives, motherboards,
NIC cards and related hardware) will be functional, and will be replaced at no cost to you should they fail.
Hardware replacement will be completed within one hour once AISN identifies the cause of the problem.
Should a hardware failure take more than one hour from the time of problem identification, the affected customer
will be eligible for a credit of 5% per additional hour of downtime.
Who Are AIS Network Customers?
Health and Pharmaceutical
Energy and Natural Resource