Government Security FAQ

Below are a list of common security questions that arise for most government agencies at the Federal, State, or Local level.

How are IdeaScale servers secured?

IdeaScale owned and managed servers are co-located in geographically dispersed data centers. These data centers undergo periodic SSAE 16 SOC audits and are monitored for unauthorized access and service availability twenty-four hours a day.

Can IdeaScale communities be secured by SSL?

Yes. SSL can be enabled on an IdeaScale community. Search in the knowledge base for "SSL" for articles on how to enable this feature.

Has IdeaScale been penetration tested by an outside auditor?

Yes. Various Federal agencies have conducted security audits via manual and automated penetration tests.

Does my agency have to sign and approve a Paperwork Reduction Act waiver?

The GSA and OMB determined that the solicitation of ideas and comments from the public for purposes of promoting greater openness in government is generally exempt from Paperwork Reduction Act (PRA) requirements and review. According to an April 7, 2010 memo from the OMB, agencies can, consistent with the PRA, use social media and web-based interactive technologies to engage with the public and perform general solicitations of public views and feedback. The memo explains in detail that “[r]atings and rankings of postings or comments by website users are not considered ‘information’ under the PRA. More broadly, ‘information’ does not include functions common to social media tools that allow the public to rate, rank, vote on, flag, tag, label, or similarly assess the value of ideas, solutions, suggestions, questions, and comments posted by website users... [P]roviding users with the ability to rate comments through a thumbs-up/thumbs-down voting feature..on an agency-sponsored blog is not subject to the PRA.”

You can find the full OMB memo at:


Last Updated: July 26, 2023