Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability

Transcription

1 Service Organization Controls 2 Report Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability For the Period from November 1, 2012 to October 31, 2013 With Independent Service Auditor s Report including Tests Performed and Results Thereof We Are VERIZON INTEGRITY - RESPECT - PERFORMANCE - EXCELLENCE - ACCOUNTABILITY

2 Verizon Communications Inc. Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability for the Period from November 1, 2012 to October 31, 2013 Table of Contents Verizon Communications Inc. s Management Assertion... 1 Independent Service Auditor s Report... 4 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, Company Overview... 8 Boundaries of the System... 8 Components of the System Description of the Control Environment, Control Activities, Information Communication, Monitoring and Risk Assessment Processes Control Environment Management Controls Monitoring Risk Assessment Information and Communication and Controls Physical Security Environmental Safeguards Network Availability Business Continuity and Disaster Recovery Certain User Entity Obligations (CUO) Description of, Controls, Tests, Tests Performed of Entity-Level Controls and Controls Security and Availability Policies Security and Availability Communications Security and Availability Procedures Security and Availability Monitoring Other Information Provided by Verizon Communications, Inc APPENDIX A Required Policy Components

3 Verizon Communications Inc. s Management Assertion February 21, 2014 We have prepared the accompanying Description of the Administration of Verizon Terremark Colocation Services for the period from November 1, 2012 to October 31, 2013 (Description) of Verizon Communications Inc. (Service Organization) based on the criteria in items (a)(i)-(ii) below, which are the criteria for a description of a service organization s system set forth in paragraph 1.34 of the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (the description criteria). The Description is intended to provide users with information about the Administration of Verizon Terremark Colocation Services (System), particularly system controls, intended to meet the criteria for the security and availability principle(s) set forth in the AICPA s TSP section 100, Trust Services Principles,, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable Trust Services criteria). Verizon Terremark Colocation Services data centers included in the Description are in the following geographic locations: Amsterdam, The Netherlands Bogota, Colombia Culpeper, VA Istanbul, Turkey Miami, FL Richardson, TX Santa Clara, CA Sao Paulo, Brazil The management of Verizon Communications Inc. confirms, to the best of its knowledge and belief, that: a. the Description fairly presents the System throughout the period from November 1, 2012 to October 31, 2013, based on the following description criteria: i. the Description contains the following information: (1) The types of services provided. (2) The components of the System used to provide the services, which are the following: Infrastructure. The physical and hardware components of a system (facilities, equipment, and networks). Software. The programs and operating software of a system (systems,

4 applications, and utilities). People. The personnel involved in the operation and use of a system (developers, operators, users, and managers). Procedures. The automated and manual procedures involved in the operation of a system. Data. The information used and supported by a system (transaction streams, files, databases, and tables). (3) The boundaries or aspects of the System covered by the Description. (4) How the System captures and addresses significant events and conditions. (5) The process used to prepare and deliver reports and other information to user entities or other parties. (6) If information is provided to, or received from other parties, how such information is provided or received; the role of the other parties; and the procedures performed to determine that such information and its processing, maintenance, and storage are subject to appropriate controls. (7) For each principle being reported on, the applicable Trust Services criteria and the related controls designed to meet those criteria, including, as applicable, certain user entity obligations contemplated in the design of the Service Organization s System. (8) Any applicable Trust Services criteria that are not addressed by a control at the Service Organization and the reasons therefore. (9) Other aspects of the Service Organization s control environment, risk assessment process, information and communication systems, and monitoring of controls that are relevant to the services provided and the applicable Trust Services criteria. (10) Relevant details of changes to the Service Organization s System during the period covered by the Description. ii. the Description does not omit or distort information relevant to the Service Organization s System while acknowledging that the Description is prepared to meet the common needs of a broad range of users and may not, therefore, include every aspect of the System that each individual user may consider important to his or her own particular needs. b. the controls stated in the Description, together with the user entity obligations described in the Description if operating effectively, were suitably designed throughout the specified period to meet the applicable Trust Services criteria

5 c. Verizon Communications Inc. s controls stated in the Description operated effectively throughout the specified period to meet the applicable Trust Services criteria. Verizon Communications Inc. One Verizon Way Basking Ridge, NJ

6 Ernst & Young LLP One Commerce Square Suite Market Street Philadelphia, PA Tel: Fax: ey.com Board of Directors Verizon Communications Inc. Scope Independent Service Auditor s Report We have examined Verizon Communications Inc. s accompanying Description of the Administration of Verizon Terremark Colocation Services for the period from November 1, 2012 to October 31, 2013 (Description) of its Administration of Verizon Terremark Colocation Services System for data center colocation hosting throughout the period November 1, 2012 to October 31, 2013, based on the criteria set forth in paragraph 1.34 of the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (the description criteria) and the suitability of the design and operating effectiveness of controls described therein to meet the criteria for the security and availability principle(s) set forth in the AICPA s TSP section 100, Trust Services Principles,, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable Trust Services ) throughout the period from November 1, 2012 to October 31, The Description indicates that certain applicable Trust Services criteria specified in the Description can be met only if certain user entity obligations contemplated in the design of Verizon Communications Inc. s controls are suitably designed and operating effectively, along with related controls at the Service Organization. We have not evaluated the suitability of the design or operating effectiveness of such user entity obligations. Verizon Terremark Colocation Services data centers included in the Description are in the following geographic locations: Amsterdam, The Netherlands Bogota, Colombia Culpeper, VA Istanbul, Turkey Miami, FL Richardson, TX Santa Clara, CA Sao Paulo, Brazil

7 The information in the accompanying Other Information Provided by Verizon Communications Inc. is presented by the Company to provide additional information and is not part of Verizon s Description. Such information has not been subjected to the procedures applied in our examination of the Description. Verizon Communications Inc. s responsibilities Verizon Communications Inc. has provided the accompanying assertion titled, Verizon Communications Inc. s Management Assertion (Assertion) about the fairness of the presentation of the Description based on the description criteria and suitability of the design and operating effectiveness of the controls described therein to meet the applicable Trust Services criteria. Verizon Communications Inc. is responsible for (1) preparing the Description and Assertion; (2) the completeness, accuracy, and method of presentation of the Description and Assertion; (3) providing the services covered by the Description; (4) specifying the controls that meet the applicable Trust Services criteria and stating them in the Description; and (5) designing, implementing, and documenting the controls to meet the applicable Trust Services criteria. Service auditor s responsibilities Our responsibility is to express an opinion on the fairness of the presentation of the Description based on the description criteria and on the suitability of the design and operating effectiveness of the controls described therein to meet the applicable Trust Services criteria, based on our examination. We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform our examination to obtain reasonable assurance about whether, in all material respects, (1) the Description is fairly presented based on the description criteria, and (2) the controls described therein are suitably designed and operating effectively to meet the applicable Trust Services criteria throughout the period from November 1, 2012 to October 31, An examination of a description of a service organization s system and the suitability of the design and operating effectiveness of the service organization s controls, involves performing procedures to obtain evidence about the fairness of the presentation of the Description based on the description criteria and the suitability of the design and operating effectiveness of those controls to meet the applicable Trust Services criteria. Our procedures included assessing the risks that the Description is not fairly presented and that the controls were not suitably designed or operating effectively. Our procedures also included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the applicable Trust Services criteria were met. Our examination also included evaluating the overall presentation of the Description. We believe that the evidence we have obtained is sufficient and appropriate to provide a reasonable basis for our opinion

8 Inherent limitations The Description is prepared to meet the common needs of a broad range of users and may not, therefore, include every aspect of the system that each individual user may consider important to its own particular needs. Because of their nature and inherent limitations, controls at a service organization may not always operate effectively to meet the applicable Trust Services criteria. Also, the projection to the future of any evaluation of the fairness of the presentation of the Description, or conclusions about the suitability of the design or operating effectiveness of the controls to meet the applicable Trust Services criteria is subject to the risk that the system may change or that controls at a service organization may become ineffective or fail. Opinion In our opinion, in all material respects, based on the description criteria and the applicable Trust Services criteria: a. the Description fairly presents the Administration of Verizon Terremark Colocation Services System that was designed and implemented throughout the period from November 1, 2012 to October 31, b. the controls stated in the Description were suitably designed to provide reasonable assurance that the applicable Trust Services criteria would be met if the controls operated effectively throughout the period from November 1, 2012 to October 31, 2013 and if user entities applied the user entity obligations contemplated in the design of Verizon Communications Inc. s controls throughout the period from November 1, 2012 to October 31, c. the controls tested, which, together with the user entity obligations referred to in the scope paragraph of this report if operating effectively, were those necessary to provide reasonable assurance that the applicable Trust Service criteria were met, operated effectively throughout the period from November 1, 2012 to October 31, Description of tests of controls The specific controls tested and the nature, timing, and results of those tests are listed in the accompanying Description of Control Objectives, Controls, Tests, (Description of Tests and Results). Restricted use This report, including the description of tests of controls and results thereof in the Description of Tests and Results, is intended solely for the information and use of Verizon Communications Inc., user entities of Verizon Communications Inc. s System, and prospective user entities, independent auditors and practitioners providing services to such user entities, and regulators who have sufficient knowledge and understanding of the following:

9 The nature of the service provided by the Service Organization How the Service Organization s System interacts with user entities or other parties Internal control and its limitations Certain user entity obligations and how they interact with related controls at the Service Organization to meet the applicable Trust Services criteria The applicable Trust Services criteria The risks that may threaten the achievement of the applicable Trust Services criteria and how controls address those risks This report is not intended to be and should not be used by anyone other than these specified parties. February 21, 2014 Philadelphia, Pennsylvania

10 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 Company Overview Verizon Terremark (the Company) is one of three operating units of Verizon Communications Inc. (NYSE: VZ). The Company delivers advanced IP, data, voice and wireless solutions to a majority of the Fortune 500 businesses and government agencies in more than 200 state-of-theart data centers in 23 countries across five continents. Verizon Terremark global IP footprint serves 4,000+ networks in 142 countries and territories, including non-verizon Terremark connections from more than 60 network providers globally. Verizon Terremark provides information technology deployments with advanced infrastructure and managed service offerings that deliver the scale, security, and reliability necessary to meet the requirements of enterprises and governments around the world. Boundaries of the System Verizon Terremark s core business function is to provide strategically positioned data centers around the world within which customers/potential customers can host their computing, storage, telecommunications and application server hardware. Verizon Terremark Colocation Services include providing hardware, software, network technology, physical security, and environmental safeguards necessary to offer customers a comprehensive colocation hosting solution. Verizon Terremark facilities offer choices and redundancies in communication infrastructure. Verizon Terremark data centers are connected to multiple domestic fiber backbones, undersea cables and over 160 carriers providing customers access to virtually any location in the world. Colocation customers have the ability to contract services directly with carriers in the Verizon Terremark facilities for the connectivity and redundancy they require. Depending on customer requirements, racks, cabinets, or customized caged floor spaces are available across a global footprint of hardened and secure facilities. Verizon Terremark configures the customer site either in a locked server cabinet/rack or a cage which consists of multiple server racks/cabinets that are based on each individual customer s specifications. Verizon Terremark is responsible for setting up each individual customer s environment including the customer cabinets and cages, providing network connectivity and power for the environment, administering physical access to the environment and managing the environmental safeguard systems. Once the customer environment has been set up, Verizon Terremark turns over the environment to the customer who is then responsible for building/staging the remainder of its own infrastructure and establishing physical access control lists. Verizon Terremark does not control customer-specific hardware, operating systems, databases, applications, or any other content loaded on the customer hardware. Verizon Terremark does not administer or access customer systems at the operating system, database, or application levels. Data Centers The hardened facilities sit on top of Tier 1 networks. The data centers provide the physical security for sensitive business applications and n+2 redundant power and cooling backed by service level agreements (SLAs). Verizon Terremark provides ongoing monitoring and on-site

11 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 technical support. The specific Verizon Terremark Colocation Services included within the scope are in the following geographic locations: Amsterdam, The Netherlands Bogota, Colombia Culpeper, VA Istanbul, Turkey Miami, FL Richardson, TX Santa Clara, CA Sao Paulo, Brazil Network Verizon Terremark provides customers network connectivity, with plug-and-play access to leading global carriers, delivering a competitive marketplace of connectivity that allows customers to strategically select the connectivity service best suited to their business. Verizon Terremark s peering fabric brings together providers from around the world to a common location for handing off traffic and making connections. Verizon Terremark provides zero mile connectivity to the world. Service Delivery Platform (SDP) Service Management Verizon Terremark s next generation SDP Service Management system is driven by a focus on computing, network design, operations and management. This advanced technology represents the optimization of the surrounding technical operations and business processes to create the architectural logic of an entire managed environment. It integrates the capability for Verizon Terremark to manage its services for customers through the following modules: Order Broker, Entity Manager, Alert Management, Implementation, Configuration Management Database (CMDB), Change Management, Ticketing, and Verizon Terremark View Point. Managed Router Service (MRS) Verizon Terremark offers a Managed Routing Service (MRS) that leverages the global network connectivity provided by the telecommunications companies located within Verizon Terremark s carrier-neutral facilities. Verizon Terremark s Managed Router Service (MRS) provides optimal access to the Internet without the purchase and management of individually owned Internet routers. Using Verizon Terremark s Managed Route Control Platform (MRCP), the MRS solution helps ensure the best possible path to the Internet in real-time. Verizon Terremark intelligently routes Internet traffic across multiple networks, reducing latency and providing redundancy in the event of a problem. Hybrid Capabilities Verizon Terremark has the ability to provide hybrid solutions that combine traditional colocation with cloud computing environments and managed hosting. Existing physical devices and private networks can also be integrated into cloud environments as needed. Verizon Terremark s hybrid

12 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 capabilities provide customers with access to various levels of support depending on their requirements. RemoteHands SmartHands Service Verizon Terremark s RemoteHands SmartHands services assist customers that need remote access to equipment for performing simple troubleshooting or maintenance tasks. Verizon Terremark s staff can perform basic tasks that may require the use of tools or equipment. Verizon Terremark RemoteHands SmartHands services are available on demand or by subscription in four-hour blocks per month. Network and Connectivity Services Verizon Terremark s Managed Network and Connectivity services include the basic layer one services such as physical interconnection to more complex layer three monitoring of networks and alerts. Carrier-neutral design provides zero mile access to robust connectivity and at the same time delivers cost savings, flexibility, and can scale to match customer growth while still delivering the performance customers demand. Cross-connect Services Cross-connectivity is provided to customers in a streamlined manner through the adoption of a centralized hub named a Meet Point Room, to which all inbound and outbound interconnections are routed to service the colocation customers. Cross-connects can be delivered by means of copper (POTS), coaxial, unshielded twisted pair (UTP) and fiber. Exchange Services Peering Verizon Terremark's state-of-the-art Exchange Platform is at the core of Verizon Terremark s network and offers a total switching capacity of over 1.0 Tbps. In addition to providing flexible and reliable Ethernet-virtual local area network (VLAN) and Optical/Digital connections for the exchange of Internet traffic, Verizon Terremark s Exchange Platform is used for the provisioning of next generation network-based services. Verizon Terremark s Exchange Platform employs an industry-leading and state-of-the-art Ethernet technology. The Exchange Platform is the vehicle used to reach many businesses and consumers served by the companies connected to Verizon Terremark, enabling Internet Protocol (IP)-based products and services to easily reach virtually anywhere in the world. Components of the System Verizon s System includes infrastructure, software, people, procedures and data: Infrastructure the physical and hardware components of the System including facilities, equipment, and networks. Verizon Terremark infrastructure includes Verizon Terremark Colocation Services network backbone. Verizon Terremark does not control customer-specific hardware, operating systems, databases, applications, or any other content loaded on the customer hardware. Verizon Terremark configures the customer site either in a locked server cabinet/rack or a cage which

13 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 consists of multiple server racks/cabinets that are based on each individual customer s specifications. Verizon Terremark is responsible for setting up each individual customer s environment including the customer cabinets and cages, providing network connectivity and power for the environment, and managing the environmental safeguard systems. Once the customer environment has been set up, Verizon Terremark turns over the environment to the customer who is then responsible for building/staging its own infrastructure. Software the programs and operating software of the System including systems, applications, and utilities. Verizon Terremark does not administer or access customer systems at the operating system, database, or application levels. As part of the Verizon Terremark service, when a customer is not able to be on-site at the Verizon Terremark data center, Verizon Terremark provides handson technical support should the customer require technical assistance such as a system reboot or a hardware replacement. People the personnel involved in the operation and use of the System including developers, operators, users, and managers. The Company s organizational structure provides the overall framework for planning, directing, and controlling operations. Personnel and business functions are separated into departments according to job responsibilities. The structure provides defined responsibilities and lines of authority for reporting and communication. The assignment of roles and responsibilities within the various departments provides effective segregation of duties. All team members are recruited and managed using Verizon s global policies and procedures described in the Description of the Control Environment, Control Activities, Information Communication, Monitoring and Risk Assessment Processes section. The following teams are involved in the services provided by Verizon Terremark Colocation Services solution: NOC administration Responsible for functions such as management of network infrastructure including switches, firewalls, load balancers, routers and virtual private network platforms. Facilities administration Responsible for maintenance functions for systems such as electrical power, air conditioning and humidity, UPS, electric generators, fire suppression, smoke detection, real-time monitoring with alarms and alerts. Service Center Responsible for functions such as dedicated customer support, troubleshooting, issue and problem management, escalation and resolutions procedures. Procedures the automated and manual procedures involved in the operation of the System. The Company s employees adhere to Verizon s global policies that define how services should be delivered. The policies are located on Verizon s intranet and can be accessed by the Company s employees

14 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 Data the information used and supported by the System. Verizon does not manage or input data into customer systems and is not responsible for the accuracy or completeness of customer data. Customer data necessary to provide the services within the boundaries of the System is managed in accordance with the relevant data protection and other regulations, with any specific requirements specified in the customer contracts. Description of the Control Environment, Control Activities, Information Communication, Monitoring and Risk Assessment Processes Control Environment The control environment reflects the overall attitude and awareness of management and personnel concerning the importance of controls and the emphasis given to controls in the Company s policies, procedures, and actions. The organizational structure, separation of job responsibilities by departments and business function, and documentation of policies and procedures, are the methods used to define and implement operational controls. The following is a description of the five components of internal control as they pertain to Verizon Terremark. Management Controls Verizon management is responsible for directing and controlling operations and for establishing, communicating, and monitoring control policies and procedures. Management focuses on maintaining sound internal controls and the integrity and ethical values of all Company personnel. Organizational values and behavioral standards are communicated to all personnel through policy statements and guidelines during new hire orientation and are also available for review on the Company intranet. Verizon Board of Directors, assisted by its committees, directs the affairs of the Company. Twelve directors hold office until the next annual meeting of stockholders and until a successor is duly elected and qualified. The election of directors requires the affirmative vote of a majority of the votes represented and entitled to vote at the annual meeting. Verizon Corporate Governance and Policy Committee provides oversight and guidance to the membership, structure, policies and processes of the Board of Directors and its committees to facilitate the effective exercise of the Board's role in the governance of the Corporation. In addition, the Committee reviews the Company's governance and policy processes. In carrying out its activities, the Committee is supported by the Corporate Secretary as the Company's chief governance officer. Verizon Human Resources Committee (HRC) oversees management in the development and implementation of human resource practices and policies. One of the programs the HRC has developed is succession planning, which enhances the Company s strategic objectives and promotes equal opportunity and diversity. Additionally, the HRC reviews management compensation and benefit plans to make sure they are competitive so as to attract, motivate, and retain highly qualified employees. Verizon Audit Committee is appointed by the Board of Directors to oversee (1) management in the performance of its responsibility for the integrity of the Company's accounting and financial

15 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 reporting, and its systems of internal controls, (2) the performance and qualifications of the independent auditor (including the independent auditor's independence), (3) the performance of the Company's internal audit function, and (4) the Company's compliance with legal and regulatory requirements. The Internal Controls Organization, in conjunction with Verizon Internal Audit, assesses the effectiveness of the internal control structure and procedures for financial reporting on an annual basis. The Internal Controls Organization works with key business units and process owners throughout the entire Company to ensure management establishes and maintains an adequate internal control structure and procedure for collecting, processing, and disclosing financial information. Verizon has implemented policies and procedures to address critical financial and operational processes including human resources, information systems, and operations. Personnel Policies and Procedures The competence of employees is a key element of the control environment. Verizon is committed to the development of its employees. This commitment to competence is expressed in the Company s personnel policies and related human resources programs. Specific indicators of the commitment to personnel development include recruiting and hiring policies, investment in training and development, and performance monitoring. Verizon s commitment to competence begins with recruiting, which is the joint responsibility of the Human Resources Department and business unit managers. Hiring decisions are based on various factors, including educational background, prior relevant experience, past accomplishments, and evidence of integrity and ethical behavior. The Company s commitment to the development of its staff includes an active performance monitoring process. The process is co-managed by each employee and his or her manager. The process entails the development of specific, quantifiable objectives for the coming period, periodic discussions of progress in meeting those objectives, and an annual formal review of the employee s overall performance in the current position as well as career development discussions to help prepare the individual for advancement. Integrity and high ethical standards are qualities essential to the business of the Company and are viewed as fundamental standards of behavior for all employees. At Verizon, the standards of integrity and ethics are demonstrated daily by the personal conduct of management and various controls, including guidelines for handling confidential information and policies stipulating that employees comply with all laws, regulations, and corporate policies as a condition of continuing employment. In addition, the Company has a code of conduct and requires all employees to formally acknowledge their commitment to performing in a professional and ethical manner. Further, each employee is expected to report any violation or exception to these policies that are suspected by another employee of Verizon or an outsider. Recognizing the sensitive nature of these situations, employees have several options for bringing these situations to management s attention. The Company has also instituted an open-door policy to facilitate open and frequent communication with executive management

16 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 Monitoring Management has implemented a division of roles and responsibilities, which limits the ability of a single individual to subvert critical processes. This segregation of duties increases control over processes that may impact customer systems. There are procedures in place to help ensure that personnel perform only those duties related to their positions. Management has defined and implemented relevant procedures to control the activities of consultants and other contract personnel in order to protect the organization s assets. Contractors and consultants are issued access badges based upon responsibility and job scope. These badges include an expiration date which is based upon their contract. Management verifies personnel references for new hires before they are hired, transferred, or promoted, with additional screening checks depending on the sensitivity of the position. Risk Assessment Verizon employs both formal and informal risk assessment procedures. A formal risk assessment is conducted annually by the Company s executive management and is reviewed by Verizon Audit Committee. The process includes identifying, prioritizing, and ranking risks at both the entity and activity level. used to rank risks include, but are not limited to, financial activities, technological complexity and dependencies, and process impact on the Company s reputation. Other assessments that are performed consider economic and industry factors affecting the Company, business planning, and discussions with market analysts by each business unit. Information and Communication Management is committed to maintaining effective communication with all personnel and customers. To help align Verizon strategies and goals with operating performance as it relates to customers, management across all departments participates in weekly meetings in order to discuss the status of service delivery or other matters of interest and concern. Issues or suggestions identified by personnel are readily brought to the attention of management to be addressed and resolved. On a monthly basis, operating performance reports are provided to management to summarize the performance statistics of the various products, including, but not limited to, utilization, and problem reporting. Daily alerts are provided to product support personnel regarding problems. Senior management is presented with a summary of operations and future business plans on a quarterly basis. and Controls The Trust Services and the controls that meet the criteria are listed in the accompanying Description of, Controls, Tests,. The management of Verizon has specified its controls that meet the criteria for Security and Availability. The controls are described using the following categories:

17 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 Policies: Verizon has defined and documented its policies relevant to the Security and Availability principles. Communications: Verizon has communicated its defined policies to responsible parties and authorized users of the system. Procedures: Verizon placed in operation procedures to achieve its objectives in accordance with its defined policies. Monitoring: Verizon monitors the System and takes action to maintain compliance with its defined policies. Physical Security Overview Verizon Terremark s physical security standards for data center facilities feature a centrally located guard post / command center that is staffed by security personnel at all times. Security personnel provide overall building security, monitor security cameras, guard building entrance and exit access points, and control access to the entire facility to employees, contractors, customers and visitors. The data centers in North America, Europe and Latin America are also continuously monitored by Verizon Security s central monitoring facilities in those regions. These facilities provide a backup response capability. Policies and Procedures Verizon Terremark security policies are documented and available to all employees on an internal web site. Employees receive security awareness training for both physical and information security as part of the onboarding process. This training is reinforced by security awareness articles and bulletins on current issues. Additionally, employees are also required to participate in annual security awareness training. Secure Area Access Control Areas designated to be secure areas continuously remain secure and are only accessed by authorized company personnel and/or visitors for approved purposes. Access is assigned based upon an individual s specific job assignment(s) and responsibilities. A centralized security badge access system provides controlled access to each facility. Administrative access privileges to the badge access systems are restricted to user accounts accessible by authorized personnel. Predefined physical security zones are utilized to define role-based access privileges to and throughout the data center facilities. The badge access system logs both successful and unsuccessful access attempts for ad hoc review. Access attempts are traceable to specific employee accounts. Verizon Terremark personnel must wear an authorized employee access badge while conducting business at a data center facility. Contractors, vendors, and visitors must obtain an access badge to gain entry into a data center facility. The on-duty security personnel are responsible for granting access to vendors, visitors and Verizon Terremark customers requiring access to their equipment. The security personnel are also responsible for security monitoring and reporting procedures, responding to building

18 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 alarms and monitoring video surveillance cameras. Security incidents are recorded in security patrol logs and investigated. Employee Access Requests for new employee access are submitted by Human Resources and include name of the new employee, department, site, supervisor and the access areas to be assigned. Requests for access are approved by employee s supervisor. Requests for changes in access for employees are submitted by a department supervisor and approved by the area authorizer. Employee terminations are submitted by Human Resources. Physical security personnel revoke access privileges assigned to terminated employees as a component of the employee termination process. Physical access rights are reviewed periodically by management to help ensure that access privileges are assigned to appropriate employees. Customer and Visitor Access Customers physical hardware is maintained in locked server racks/cabinets and cages within the data centers. Badge access cards and physical keys to the server racks/cabinets and cages located within the data centers are secured. Customer access to Verizon Terremark facilities is strictly enforced. Customers whose accounts are in good standing may visit their equipment at any time. Customers are required to comply with Verizon Terremark physical access procedures while on premises at the data center facility. To obtain access to the customer cages and/or racks/cabinets, a pre-approved customer contact must request that a particular customer employee or vendor be granted access in advance of the visit from the appropriate business or technical representative. Upon arrival at the data center, visitors requiring access must present government-issued photo identification to Verizon Terremark security personnel to obtain a visitor badge. Security personnel document the visitor s name, firm represented and the name of the employee authorizing physical access within the visitor access log. Visitor badges do not have physical access capabilities and are identifiably different from employee badges. Visitors are required to surrender their visitor badges upon departure from the data center facilities. Based on individual customer requirements, vendors representing customers may be required to provide evidence that they work for the specified vendor before they can obtain access, in addition to providing the government-issued photo identification. The vendor name must also appear on the approved access list. Vendors are required to be escorted and accompanied by an authorized Verizon Terremark employee when in sensitive areas. If an individual is not authorized for entry, he/she is prohibited from access into the data center. Video surveillance cameras are installed at each data facility. The video surveillance cameras are positioned to monitor for intrusion activities or possible vulnerabilities and are recorded on an ongoing basis. Cameras capture data centers, passageways, entrances, exits, and external surroundings. The digital video recorders are configured to retain the digital recordings for a minimum of 90 days for investigations

19 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 Environmental Safeguards Overview To minimize the likelihood of system outages and the effects of disasters on systems and operations, Verizon Terremark has implemented redundant environmental safeguards and backup power systems. The Manager of Data Center Operations and the Facilities Manager at each data center oversee the data center environmental safeguards and backup power management systems. The following section describes the environmental safeguards in place at each data center. Although minor differences exist between each of the data centers, the listed safeguards apply to the data centers in the scope of this report. Each data center is equipped to maintain continuous operation and protect against environmental extremes. The environment including temperature and humidity in each facility is controlled using air-conditioning systems that are regularly maintained. Additional cooling to the data center floor area is provided by multiple computer room air conditioning (CRAC) units. Each unit is attached to several leak detection sensors which are continuously monitored. The CRAC units are supported by multiple redundant water chiller systems. The temperature and humidity are monitored using a centralized monitoring system. Power Each Verizon Terremark data center utilizes separate and secure power management and power backup systems. The data centers utilize power from multiple commercial feeds from the local substations. In the event of a brief commercial power failure, the power is backed up by multiple redundant uninterruptible power supply (UPS) systems or continuous power systems (CPS). In the event of a power disruption, each facility s system is able to sustain power to critical areas including infrastructure and customer equipment until the diesel generators are activated. The redundant diesel generators provide additional power protection should a power disruption last more than a few minutes. The diesel generators can supply the power necessary for site management and can be refueled to power the facility. Generators and UPS systems are maintained and tested in accordance with a maintenance schedule. The electrical system, utility power, and distribution systems are monitored using a centralized monitoring system. The monitoring system generates alarms and alert notifications for possible failure or overloading of the electrical systems. Fire Detection and Suppression The environment is protected by a fire detection system with smoke detectors under the raised floor and on the ceiling or above the suspended ceiling, where applicable. The system is equipped with a local display panel and, in some facilities, the alarm signals are automatically transmitted to the local fire authority. In addition, alarm status signals will also be transmitted to the multi-zone pre-action dry pipe fire suppression system. The system has two levels of alarms before water can be released; an individual head must fuse and either a smoke or heat detector must activate. Water will then begin to flow at that location of the activated sprinkler head only. This configuration provides protection against accidental discharge of water by requiring two separate attributes to occur before releasing water. In the event of a system malfunction or unnecessary water discharge, the water supply to the sprinkler system can be shut down manually to prevent unnecessary water damage to the

20 Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013 equipment located on the data center floor. The data centers are also equipped with Power Off valves at the main data center exit. These Power Off valves can be used to quickly shut down the system in the event of an emergency to prevent unnecessary damage to the equipment. As an additional backup, hand-held fire extinguishers are in place for manual fire suppression. Monitoring and Inspections Each of the environmental safeguard and power management systems are monitored on a daily basis and inspected on a regular basis according to a predefined maintenance schedule. Verizon Terremark has developed standardized inspection procedures and schedules for the various systems. An enterprise monitoring system is in place to monitor certain environmental conditions throughout the data centers. The system is configured to alert facilities personnel via when predefined thresholds are exceeded on monitored systems. Network Availability Overview In order to help ensure that network devices and related services are available for operation and that network problems are identified, investigated, and resolved, Verizon Terremark uses a combination of monitoring tools, procedures and support protocols. Network monitoring policies and procedures are in place and provide guidance in the prioritization and handling of monitoring alerts and required activities that include the following: Network communications monitoring and troubleshooting Malicious Internet activity procedures NOC functions Handling failure alerts Handling site down alerts Handling warning alerts Network Operations Centers Verizon Terremark s Network Operations Centers (NOCs) serve as the central command points for service delivery and oversee day-to-day operations within each data center. Verizon Terremark s NOCs are staffed with support personnel on an ongoing basis. The continuous staffing schedule is instrumental in supporting customers on a global scale. NOC personnel oversee the enterprise monitoring applications that are in place to monitor the performance and availability of network communications devices and to help identify potential sources of failure. Service Centers Verizon Terremark s Service Centers (SCs) are the on-site resource centers for Verizon Terremark customers. The SC handles service inquiries and provides support for customers at each of the data center facilities. Network Device Configuration