Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability


Service Organization Controls 2 Report

Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability

For the Period from November 1, 2012 to October 31, 2013

With Independent Service Auditor's Report including Tests Performed and Results Thereof

We Are VERIZON

INTEGRITY - RESPECT - PERFORMANCE - EXCELLENCE - ACCOUNTABILITY

Verizon Communications Inc.

Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability for the Period from November 1, 2012 to October 31, 2013

Table of Contents

Verizon Communications Inc.'s Management Assertion
Independent Service Auditor's Report
Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013
Company Overview
Boundaries of the System
Components of the System
Description of the Control Environment, Control Activities, Information Communication, Monitoring and Risk Assessment Processes
Control Environment
Management Controls
Monitoring
Risk Assessment
Information and Communication
and Controls
Physical Security
Environmental Safeguards
Network Availability
Business Continuity and Disaster Recovery
Certain User Entity Obligations (CUO)
Description of, Controls, Tests, Tests Performed of Entity-Level Controls and Controls
Security and Availability Policies
Security and Availability Communications
Security and Availability Procedures
Security and Availability Monitoring
Other Information Provided by Verizon Communications, Inc
APPENDIX A Required Policy Components

Verizon Communications Inc.'s Management Assertion

February 21, 2014

We have prepared the accompanying Description of the Administration of Verizon Terremark Colocation Services for the period from November 1, 2012 to October 31, 2013 (Description) of Verizon Communications Inc. (Service Organization) based on the criteria in items (a)(i)-(ii) below, which are the criteria for a description of a service organization's system set forth in paragraph 1.34 of the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (the description criteria). The Description is intended to provide users with information about the Administration of Verizon Terremark Colocation Services (System), particularly system controls, intended to meet the criteria for the security and availability principle(s) set forth in the AICPA's TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable Trust Services criteria).

Verizon Terremark Colocation Services data centers included in the Description are in the following geographic locations:

Amsterdam, The Netherlands
Bogota, Colombia
Culpeper, VA
Istanbul, Turkey
Miami, FL
Richardson, TX
Santa Clara, CA
Sao Paulo, Brazil

The management of Verizon Communications Inc. confirms, to the best of its knowledge and belief, that:

a. the Description fairly presents the System throughout the period from November 1, 2012 to October 31, 2013, based on the following description criteria:

i. the Description contains the following information:

(1) The types of services provided.

(2) The components of the System used to provide the services, which are the following:

Infrastructure. The physical and hardware components of a system (facilities, equipment, and networks).
Software. The programs and operating software of a system (systems, applications, and utilities).
People. The personnel involved in the operation and use of a system (developers, operators, users, and managers).
Procedures. The automated and manual procedures involved in the operation of a system.
Data. The information used and supported by a system (transaction streams, files, databases, and tables).

(3) The boundaries or aspects of the System covered by the Description.

(4) How the System captures and addresses significant events and conditions.

(5) The process used to prepare and deliver reports and other information to user entities or other parties.

(6) If information is provided to, or received from other parties, how such information is provided or received; the role of the other parties; and the procedures performed to determine that such information and its processing, maintenance, and storage are subject to appropriate controls.

(7) For each principle being reported on, the applicable Trust Services criteria and the related controls designed to meet those criteria, including, as applicable, certain user entity obligations contemplated in the design of the Service Organization's System.

(8) Any applicable Trust Services criteria that are not addressed by a control at the Service Organization and the reasons therefore.

(9) Other aspects of the Service Organization's control environment, risk assessment process, information and communication systems, and monitoring of controls that are relevant to the services provided and the applicable Trust Services criteria.

(10) Relevant details of changes to the Service Organization's System during the period covered by the Description.

ii. the Description does not omit or distort information relevant to the Service Organization's System while acknowledging that the Description is prepared to meet the common needs of a broad range of users and may not, therefore, include every aspect of the System that each individual user may consider important to his or her own particular needs.

b. the controls stated in the Description, together with the user entity obligations described in the Description if operating effectively, were suitably designed throughout the specified period to meet the applicable Trust Services criteria.

c. Verizon Communications Inc.'s controls stated in the Description operated effectively throughout the specified period to meet the applicable Trust Services criteria.

Verizon Communications Inc.
One Verizon Way
Basking Ridge, NJ

Ernst & Young LLP
One Commerce Square Suite Market Street Philadelphia, PA
ey.com

Independent Service Auditor's Report

Board of Directors
Verizon Communications Inc.

Scope

We have examined Verizon Communications Inc.'s accompanying Description of the Administration of Verizon Terremark Colocation Services for the period from November 1, 2012 to October 31, 2013 (Description) of its Administration of Verizon Terremark Colocation Services System for data center colocation hosting throughout the period November 1, 2012 to October 31, 2013, based on the criteria set forth in paragraph 1.34 of the AICPA Guide Reporting on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy (the description criteria) and the suitability of the design and operating effectiveness of controls described therein to meet the criteria for the security and availability principle(s) set forth in the AICPA's TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (applicable Trust Services criteria) throughout the period from November 1, 2012 to October 31, 2013.

The Description indicates that certain applicable Trust Services criteria specified in the Description can be met only if certain user entity obligations contemplated in the design of Verizon Communications Inc.'s controls are suitably designed and operating effectively, along with related controls at the Service Organization. We have not evaluated the suitability of the design or operating effectiveness of such user entity obligations.

Verizon Terremark Colocation Services data centers included in the Description are in the following geographic locations:

Amsterdam, The Netherlands
Bogota, Colombia
Culpeper, VA
Istanbul, Turkey
Miami, FL
Richardson, TX
Santa Clara, CA
Sao Paulo, Brazil

The information in the accompanying Other Information Provided by Verizon Communications Inc. is presented by the Company to provide additional information and is not part of Verizon's Description. Such information has not been subjected to the procedures applied in our examination of the Description.

Verizon Communications Inc.'s responsibilities

Verizon Communications Inc. has provided the accompanying assertion titled, Verizon Communications Inc.'s Management Assertion (Assertion) about the fairness of the presentation of the Description based on the description criteria and suitability of the design and operating effectiveness of the controls described therein to meet the applicable Trust Services criteria. Verizon Communications Inc. is responsible for (1) preparing the Description and Assertion; (2) the completeness, accuracy, and method of presentation of the Description and Assertion; (3) providing the services covered by the Description; (4) specifying the controls that meet the applicable Trust Services criteria and stating them in the Description; and (5) designing, implementing, and documenting the controls to meet the applicable Trust Services criteria.

Service auditor's responsibilities

Our responsibility is to express an opinion on the fairness of the presentation of the Description based on the description criteria and on the suitability of the design and operating effectiveness of the controls described therein to meet the applicable Trust Services criteria, based on our examination. We conducted our examination in accordance with attestation standards established by the American Institute of Certified Public Accountants. Those standards require that we plan and perform our examination to obtain reasonable assurance about whether, in all material respects, (1) the Description is fairly presented based on the description criteria, and (2) the controls described therein are suitably designed and operating effectively to meet the applicable Trust Services criteria throughout the period from November 1, 2012 to October 31, 2013.

An examination of a description of a service organization's system and the suitability of the design and operating effectiveness of the service organization's controls, involves performing procedures to obtain evidence about the fairness of the presentation of the Description based on the description criteria and the suitability of the design and operating effectiveness of those controls to meet the applicable Trust Services criteria. Our procedures included assessing the risks that the Description is not fairly presented and that the controls were not suitably designed or operating effectively. Our procedures also included testing the operating effectiveness of those controls that we consider necessary to provide reasonable assurance that the applicable Trust Services criteria were met. Our examination also included evaluating the overall presentation of the Description. We believe that the evidence we have obtained is sufficient and appropriate to provide a reasonable basis for our opinion.

Inherent limitations

The Description is prepared to meet the common needs of a broad range of users and may not, therefore, include every aspect of the system that each individual user may consider important to its own particular needs. Because of their nature and inherent limitations, controls at a service organization may not always operate effectively to meet the applicable Trust Services criteria. Also, the projection to the future of any evaluation of the fairness of the presentation of the Description, or conclusions about the suitability of the design or operating effectiveness of the controls to meet the applicable Trust Services criteria is subject to the risk that the system may change or that controls at a service organization may become ineffective or fail.

Opinion

In our opinion, in all material respects, based on the description criteria and the applicable Trust Services criteria:

a. the Description fairly presents the Administration of Verizon Terremark Colocation Services System that was designed and implemented throughout the period from November 1, 2012 to October 31, 2013.

b. the controls stated in the Description were suitably designed to provide reasonable assurance that the applicable Trust Services criteria would be met if the controls operated effectively throughout the period from November 1, 2012 to October 31, 2013 and if user entities applied the user entity obligations contemplated in the design of Verizon Communications Inc.'s controls throughout the period from November 1, 2012 to October 31, 2013.

c. the controls tested, which, together with the user entity obligations referred to in the scope paragraph of this report if operating effectively, were those necessary to provide reasonable assurance that the applicable Trust Service criteria were met, operated effectively throughout the period from November 1, 2012 to October 31, 2013.

Description of tests of controls

The specific controls tested and the nature, timing, and results of those tests are listed in the accompanying Description of Control Objectives, Controls, Tests, (Description of Tests and Results).

Restricted use

This report, including the description of tests of controls and results thereof in the Description of Tests and Results, is intended solely for the information and use of Verizon Communications Inc., user entities of Verizon Communications Inc.'s System, and prospective user entities, independent auditors and practitioners providing services to such user entities, and regulators who have sufficient knowledge and understanding of the following:

The nature of the service provided by the Service Organization
How the Service Organization's System interacts with user entities or other parties
Internal control and its limitations
Certain user entity obligations and how they interact with related controls at the Service Organization to meet the applicable Trust Services criteria
The applicable Trust Services criteria
The risks that may threaten the achievement of the applicable Trust Services criteria and how controls address those risks

This report is not intended to be and should not be used by anyone other than these specified parties.

February 21, 2014
Philadelphia, Pennsylvania

Description of the Administration of Verizon Terremark Colocation Services for the Period from November 1, 2012 to October 31, 2013

Company Overview

Verizon Terremark (the Company) is one of three operating units of Verizon Communications Inc. (NYSE: VZ). The Company delivers advanced IP, data, voice and wireless solutions to a majority of the Fortune 500 businesses and government agencies in more than 200 state-of-the-art data centers in 23 countries across five continents. Verizon Terremark global IP footprint serves 4,000+ networks in 142 countries and territories, including non-Verizon Terremark connections from more than 60 network providers globally. Verizon Terremark provides information technology deployments with advanced infrastructure and managed service offerings that deliver the scale, security, and reliability necessary to meet the requirements of enterprises and governments around the world.

Boundaries of the System

Verizon Terremark's core business function is to provide strategically positioned data centers around the world within which customers/potential customers can host their computing, storage, telecommunications and application server hardware. Verizon Terremark Colocation Services include providing hardware, software, network technology, physical security, and environmental safeguards necessary to offer customers a comprehensive colocation hosting solution. Verizon Terremark facilities offer choices and redundancies in communication infrastructure. Verizon Terremark data centers are connected to multiple domestic fiber backbones, undersea cables and over 160 carriers providing customers access to virtually any location in the world. Colocation customers have the ability to contract services directly with carriers in the Verizon Terremark facilities for the connectivity and redundancy they require.
Depending on customer requirements, racks, cabinets, or customized caged floor spaces are available across a global footprint of hardened and secure facilities. Verizon Terremark configures the customer site either in a locked server cabinet/rack or a cage which consists of multiple server racks/cabinets that are based on each individual customer's specifications. Verizon Terremark is responsible for setting up each individual customer's environment including the customer cabinets and cages, providing network connectivity and power for the environment, administering physical access to the environment and managing the environmental safeguard systems. Once the customer environment has been set up, Verizon Terremark turns over the environment to the customer who is then responsible for building/staging the remainder of its own infrastructure and establishing physical access control lists. Verizon Terremark does not control customer-specific hardware, operating systems, databases, applications, or any other content loaded on the customer hardware. Verizon Terremark does not administer or access customer systems at the operating system, database, or application levels.

Data Centers

The hardened facilities sit on top of Tier 1 networks. The data centers provide the physical security for sensitive business applications and n+2 redundant power and cooling backed by service level agreements (SLAs). Verizon Terremark provides ongoing monitoring and on-site technical support. The specific Verizon Terremark Colocation Services included within the scope are in the following geographic locations:

Amsterdam, The Netherlands
Bogota, Colombia
Culpeper, VA
Istanbul, Turkey
Miami, FL
Richardson, TX
Santa Clara, CA
Sao Paulo, Brazil

Network

Verizon Terremark provides customers network connectivity, with plug-and-play access to leading global carriers, delivering a competitive marketplace of connectivity that allows customers to strategically select the connectivity service best suited to their business. Verizon Terremark's peering fabric brings together providers from around the world to a common location for handing off traffic and making connections. Verizon Terremark provides zero mile connectivity to the world.

Service Delivery Platform (SDP) Service Management

Verizon Terremark's next generation SDP Service Management system is driven by a focus on computing, network design, operations and management. This advanced technology represents the optimization of the surrounding technical operations and business processes to create the architectural logic of an entire managed environment. It integrates the capability for Verizon Terremark to manage its services for customers through the following modules: Order Broker, Entity Manager, Alert Management, Implementation, Configuration Management Database (CMDB), Change Management, Ticketing, and Verizon Terremark View Point.

Managed Router Service (MRS)

Verizon Terremark offers a Managed Routing Service (MRS) that leverages the global network connectivity provided by the telecommunications companies located within Verizon Terremark's carrier-neutral facilities. Verizon Terremark's Managed Router Service (MRS) provides optimal access to the Internet without the purchase and management of individually owned Internet routers.
Using Verizon Terremark's Managed Route Control Platform (MRCP), the MRS solution helps ensure the best possible path to the Internet in real-time. Verizon Terremark intelligently routes Internet traffic across multiple networks, reducing latency and providing redundancy in the event of a problem.

Hybrid Capabilities

Verizon Terremark has the ability to provide hybrid solutions that combine traditional colocation with cloud computing environments and managed hosting. Existing physical devices and private networks can also be integrated into cloud environments as needed. Verizon Terremark's hybrid capabilities provide customers with access to various levels of support depending on their requirements.

RemoteHands SmartHands Service

Verizon Terremark's RemoteHands SmartHands services assist customers that need remote access to equipment for performing simple troubleshooting or maintenance tasks. Verizon Terremark's staff can perform basic tasks that may require the use of tools or equipment. Verizon Terremark RemoteHands SmartHands services are available on demand or by subscription in four-hour blocks per month.

Network and Connectivity Services

Verizon Terremark's Managed Network and Connectivity services include the basic layer one services such as physical interconnection to more complex layer three monitoring of networks and alerts. Carrier-neutral design provides zero mile access to robust connectivity and at the same time delivers cost savings, flexibility, and can scale to match customer growth while still delivering the performance customers demand.

Cross-connect Services

Cross-connectivity is provided to customers in a streamlined manner through the adoption of a centralized hub named a Meet Point Room, to which all inbound and outbound interconnections are routed to service the colocation customers. Cross-connects can be delivered by means of copper (POTS), coaxial, unshielded twisted pair (UTP) and fiber.

Exchange Services Peering

Verizon Terremark's state-of-the-art Exchange Platform is at the core of Verizon Terremark's network and offers a total switching capacity of over 1.0 Tbps. In addition to providing flexible and reliable Ethernet-virtual local area network (VLAN) and Optical/Digital connections for the exchange of Internet traffic, Verizon Terremark's Exchange Platform is used for the provisioning of next generation network-based services.
Verizon Terremark's Exchange Platform employs an industry-leading and state-of-the-art Ethernet technology. The Exchange Platform is the vehicle used to reach many businesses and consumers served by the companies connected to Verizon Terremark, enabling Internet Protocol (IP)-based products and services to easily reach virtually anywhere in the world.

Components of the System

Verizon's System includes infrastructure, software, people, procedures and data:

Infrastructure: the physical and hardware components of the System including facilities, equipment, and networks. Verizon Terremark infrastructure includes Verizon Terremark Colocation Services network backbone. Verizon Terremark does not control customer-specific hardware, operating systems, databases, applications, or any other content loaded on the customer hardware. Verizon Terremark configures the customer site either in a locked server cabinet/rack or a cage which consists of multiple server racks/cabinets that are based on each individual customer's specifications. Verizon Terremark is responsible for setting up each individual customer's environment including the customer cabinets and cages, providing network connectivity and power for the environment, and managing the environmental safeguard systems. Once the customer environment has been set up, Verizon Terremark turns over the environment to the customer who is then responsible for building/staging its own infrastructure.

Software: the programs and operating software of the System including systems, applications, and utilities. Verizon Terremark does not administer or access customer systems at the operating system, database, or application levels. As part of the Verizon Terremark service, when a customer is not able to be on-site at the Verizon Terremark data center, Verizon Terremark provides hands-on technical support should the customer require technical assistance such as a system reboot or a hardware replacement.

People: the personnel involved in the operation and use of the System including developers, operators, users, and managers. The Company's organizational structure provides the overall framework for planning, directing, and controlling operations. Personnel and business functions are separated into departments according to job responsibilities. The structure provides defined responsibilities and lines of authority for reporting and communication. The assignment of roles and responsibilities within the various departments provides effective segregation of duties. All team members are recruited and managed using Verizon's global policies and procedures described in the Description of the Control Environment, Control Activities, Information Communication, Monitoring and Risk Assessment Processes section.
The following teams are involved in the services provided by Verizon Terremark Colocation Services solution:

NOC administration: Responsible for functions such as management of network infrastructure including switches, firewalls, load balancers, routers and virtual private network platforms.
Facilities administration: Responsible for maintenance functions for systems such as electrical power, air conditioning and humidity, UPS, electric generators, fire suppression, smoke detection, real-time monitoring with alarms and alerts.
Service Center: Responsible for functions such as dedicated customer support, troubleshooting, issue and problem management, escalation and resolutions procedures.

Procedures: the automated and manual procedures involved in the operation of the System. The Company's employees adhere to Verizon's global policies that define how services should be delivered. The policies are located on Verizon's intranet and can be accessed by the Company's employees.

Data: the information used and supported by the System. Verizon does not manage or input data into customer systems and is not responsible for the accuracy or completeness of customer data. Customer data necessary to provide the services within the boundaries of the System is managed in accordance with the relevant data protection and other regulations, with any specific requirements specified in the customer contracts.

Description of the Control Environment, Control Activities, Information Communication, Monitoring and Risk Assessment Processes

Control Environment

The control environment reflects the overall attitude and awareness of management and personnel concerning the importance of controls and the emphasis given to controls in the Company's policies, procedures, and actions. The organizational structure, separation of job responsibilities by departments and business function, and documentation of policies and procedures, are the methods used to define and implement operational controls. The following is a description of the five components of internal control as they pertain to Verizon Terremark.

Management Controls

Verizon management is responsible for directing and controlling operations and for establishing, communicating, and monitoring control policies and procedures. Management focuses on maintaining sound internal controls and the integrity and ethical values of all Company personnel. Organizational values and behavioral standards are communicated to all personnel through policy statements and guidelines during new hire orientation and are also available for review on the Company intranet.

Verizon Board of Directors, assisted by its committees, directs the affairs of the Company. Twelve directors hold office until the next annual meeting of stockholders and until a successor is duly elected and qualified.
The election of directors requires the affirmative vote of a majority of the votes represented and entitled to vote at the annual meeting.

Verizon Corporate Governance and Policy Committee provides oversight and guidance to the membership, structure, policies and processes of the Board of Directors and its committees to facilitate the effective exercise of the Board's role in the governance of the Corporation. In addition, the Committee reviews the Company's governance and policy processes. In carrying out its activities, the Committee is supported by the Corporate Secretary as the Company's chief governance officer.

Verizon Human Resources Committee (HRC) oversees management in the development and implementation of human resource practices and policies. One of the programs the HRC has developed is succession planning, which enhances the Company's strategic objectives and promotes equal opportunity and diversity. Additionally, the HRC reviews management compensation and benefit plans to make sure they are competitive so as to attract, motivate, and retain highly qualified employees.

Verizon Audit Committee is appointed by the Board of Directors to oversee (1) management in the performance of its responsibility for the integrity of the Company's accounting and financial reporting, and its systems of internal controls, (2) the performance and qualifications of the independent auditor (including the independent auditor's independence), (3) the performance of the Company's internal audit function, and (4) the Company's compliance with legal and regulatory requirements.

The Internal Controls Organization, in conjunction with Verizon Internal Audit, assesses the effectiveness of the internal control structure and procedures for financial reporting on an annual basis. The Internal Controls Organization works with key business units and process owners throughout the entire Company to ensure management establishes and maintains an adequate internal control structure and procedure for collecting, processing, and disclosing financial information.

Verizon has implemented policies and procedures to address critical financial and operational processes including human resources, information systems, and operations.

Personnel Policies and Procedures

The competence of employees is a key element of the control environment. Verizon is committed to the development of its employees. This commitment to competence is expressed in the Company's personnel policies and related human resources programs. Specific indicators of the commitment to personnel development include recruiting and hiring policies, investment in training and development, and performance monitoring.

Verizon's commitment to competence begins with recruiting, which is the joint responsibility of the Human Resources Department and business unit managers. Hiring decisions are based on various factors, including educational background, prior relevant experience, past accomplishments, and evidence of integrity and ethical behavior.

The Company's commitment to the development of its staff includes an active performance monitoring process.
The process is co-managed by each employee and his or her manager. The process entails the development of specific, quantifiable objectives for the coming period, periodic discussions of progress in meeting those objectives, and an annual formal review of the employee's overall performance in the current position as well as career development discussions to help prepare the individual for advancement.

Integrity and high ethical standards are qualities essential to the business of the Company and are viewed as fundamental standards of behavior for all employees. At Verizon, the standards of integrity and ethics are demonstrated daily by the personal conduct of management and various controls, including guidelines for handling confidential information and policies stipulating that employees comply with all laws, regulations, and corporate policies as a condition of continuing employment. In addition, the Company has a code of conduct and requires all employees to formally acknowledge their commitment to performing in a professional and ethical manner.

Further, each employee is expected to report any violation or exception to these policies that are suspected by another employee of Verizon or an outsider. Recognizing the sensitive nature of these situations, employees have several options for bringing these situations to management's attention. The Company has also instituted an open-door policy to facilitate open and frequent communication with executive management.

Monitoring

Management has implemented a division of roles and responsibilities, which limits the ability of a single individual to subvert critical processes. This segregation of duties increases control over processes that may impact customer systems. There are procedures in place to help ensure that personnel perform only those duties related to their positions.

Management has defined and implemented relevant procedures to control the activities of consultants and other contract personnel in order to protect the organization's assets. Contractors and consultants are issued access badges based upon responsibility and job scope. These badges include an expiration date which is based upon their contract. Management verifies personnel references for new hires before they are hired, transferred, or promoted, with additional screening checks depending on the sensitivity of the position.

Risk Assessment

Verizon employs both formal and informal risk assessment procedures. A formal risk assessment is conducted annually by the Company's executive management and is reviewed by Verizon Audit Committee. The process includes identifying, prioritizing, and ranking risks at both the entity and activity level. used to rank risks include, but are not limited to, financial activities, technological complexity and dependencies, and process impact on the Company's reputation. Other assessments that are performed consider economic and industry factors affecting the Company, business planning, and discussions with market analysts by each business unit.

Information and Communication

Management is committed to maintaining effective communication with all personnel and customers. To help align Verizon strategies and goals with operating performance as it relates to customers, management across all departments participates in weekly meetings in order to discuss the status of service delivery or other matters of interest and concern. Issues or suggestions identified by personnel are readily brought to the attention of management to be addressed and resolved. On a monthly basis, operating performance reports are provided to management to summarize the performance statistics of the various products, including, but not limited to, utilization, and problem reporting. Daily alerts are provided to product support personnel regarding problems. Senior management is presented with a summary of operations and future business plans on a quarterly basis.

and Controls

The Trust Services and the controls that meet the criteria are listed in the accompanying Description of, Controls, Tests,. The management of Verizon has specified its controls that meet the criteria for Security and Availability. The controls are described using the following categories:

- Policies: Verizon has defined and documented its policies relevant to the Security and Availability principles.
- Communications: Verizon has communicated its defined policies to responsible parties and authorized users of the system.
- Procedures: Verizon placed in operation procedures to achieve its objectives in accordance with its defined policies.
- Monitoring: Verizon monitors the System and takes action to maintain compliance with its defined policies.

Physical Security

Overview

Verizon Terremark's physical security standards for data center facilities feature a centrally located guard post / command center that is staffed by security personnel at all times. Security personnel provide overall building security, monitor security cameras, guard building entrance and exit access points, and control access to the entire facility for employees, contractors, customers and visitors. The data centers in North America, Europe and Latin America are also continuously monitored by Verizon Security's central monitoring facilities in those regions. These facilities provide a backup response capability.

Policies and Procedures

Verizon Terremark security policies are documented and available to all employees on an internal web site. Employees receive security awareness training for both physical and information security as part of the onboarding process. This training is reinforced by security awareness articles and bulletins on current issues. Employees are also required to participate in annual security awareness training.

Secure Area Access Control

Areas designated to be secure areas continuously remain secure and are only accessed by authorized company personnel and/or visitors for approved purposes. Access is assigned based upon an individual's specific job assignment(s) and responsibilities.

A centralized security badge access system provides controlled access to each facility. Administrative access privileges to the badge access systems are restricted to user accounts accessible by authorized personnel. Predefined physical security zones are utilized to define role-based access privileges to and throughout the data center facilities. The badge access system logs both successful and unsuccessful access attempts for ad hoc review. Access attempts are traceable to specific employee accounts.

Verizon Terremark personnel must wear an authorized employee access badge while conducting business at a data center facility. Contractors, vendors, and visitors must obtain an access badge to gain entry into a data center facility.

The on-duty security personnel are responsible for granting access to vendors, visitors and Verizon Terremark customers requiring access to their equipment. The security personnel are also responsible for security monitoring and reporting procedures, responding to building alarms and monitoring video surveillance cameras. Security incidents are recorded in security patrol logs and investigated.

Employee Access

Requests for new employee access are submitted by Human Resources and include the name of the new employee, department, site, supervisor and the access areas to be assigned. Requests for access are approved by the employee's supervisor. Requests for changes in access for employees are submitted by a department supervisor and approved by the area authorizer.

Employee terminations are submitted by Human Resources. Physical security personnel revoke access privileges assigned to terminated employees as a component of the employee termination process. Physical access rights are reviewed periodically by management to help ensure that access privileges are assigned to appropriate employees.

Customer and Visitor Access

Customers' physical hardware is maintained in locked server racks/cabinets and cages within the data centers. Badge access cards and physical keys to the server racks/cabinets and cages located within the data centers are secured.

Customer access to Verizon Terremark facilities is strictly enforced. Customers whose accounts are in good standing may visit their equipment at any time. Customers are required to comply with Verizon Terremark physical access procedures while on premises at the data center facility. To obtain access to the customer cages and/or racks/cabinets, a pre-approved customer contact must request that a particular customer employee or vendor be granted access in advance of the visit from the appropriate business or technical representative.

Upon arrival at the data center, visitors requiring access must present government-issued photo identification to Verizon Terremark security personnel to obtain a visitor badge. Security personnel document the visitor's name, firm represented and the name of the employee authorizing physical access within the visitor access log. Visitor badges do not have physical access capabilities and are identifiably different from employee badges. Visitors are required to surrender their visitor badges upon departure from the data center facilities.

Based on individual customer requirements, vendors representing customers may be required to provide evidence that they work for the specified vendor before they can obtain access, in addition to providing the government-issued photo identification. The vendor name must also appear on the approved access list. Vendors are required to be escorted and accompanied by an authorized Verizon Terremark employee when in sensitive areas. If an individual is not authorized for entry, he/she is prohibited from access into the data center.

Video surveillance cameras are installed at each data facility. The video surveillance cameras are positioned to monitor for intrusion activities or possible vulnerabilities and are recorded on an ongoing basis. Cameras capture data centers, passageways, entrances, exits, and external surroundings. The digital video recorders are configured to retain the digital recordings for a minimum of 90 days for investigations

Environmental Safeguards

Overview

To minimize the likelihood of system outages and the effects of disasters on systems and operations, Verizon Terremark has implemented redundant environmental safeguards and backup power systems. The Manager of Data Center Operations and the Facilities Manager at each data center oversee the data center environmental safeguards and backup power management systems.

The following section describes the environmental safeguards in place at each data center. Although minor differences exist between each of the data centers, the listed safeguards apply to the data centers in the scope of this report.

Each data center is equipped to maintain continuous operation and protect against environmental extremes. The environment, including temperature and humidity, in each facility is controlled using air-conditioning systems that are regularly maintained. Additional cooling to the data center floor area is provided by multiple computer room air conditioning (CRAC) units. Each unit is attached to several leak detection sensors which are continuously monitored. The CRAC units are supported by multiple redundant water chiller systems. The temperature and humidity are monitored using a centralized monitoring system.

Power

Each Verizon Terremark data center utilizes separate and secure power management and power backup systems. The data centers utilize power from multiple commercial feeds from the local substations. In the event of a brief commercial power failure, the power is backed up by multiple redundant uninterruptible power supply (UPS) systems or continuous power systems (CPS). In the event of a power disruption, each facility's system is able to sustain power to critical areas including infrastructure and customer equipment until the diesel generators are activated.

The redundant diesel generators provide additional power protection should a power disruption last more than a few minutes. The diesel generators can supply the power necessary for site management and can be refueled to power the facility. Generators and UPS systems are maintained and tested in accordance with a maintenance schedule.

The electrical system, utility power, and distribution systems are monitored using a centralized monitoring system. The monitoring system generates alarms and alert notifications for possible failure or overloading of the electrical systems.

Fire Detection and Suppression

The environment is protected by a fire detection system with smoke detectors under the raised floor and on the ceiling or above the suspended ceiling, where applicable. The system is equipped with a local display panel and, in some facilities, the alarm signals are automatically transmitted to the local fire authority. In addition, alarm status signals will also be transmitted to the multi-zone pre-action dry pipe fire suppression system. The system has two levels of alarms before water can be released: an individual head must fuse and either a smoke or heat detector must activate. Water will then begin to flow at the location of the activated sprinkler head only. This configuration provides protection against accidental discharge of water by requiring two separate attributes to occur before releasing water.

In the event of a system malfunction or unnecessary water discharge, the water supply to the sprinkler system can be shut down manually to prevent unnecessary water damage to the equipment located on the data center floor. The data centers are also equipped with Power Off valves at the main data center exit. These Power Off valves can be used to quickly shut down the system in the event of an emergency to prevent unnecessary damage to the equipment. As an additional backup, hand-held fire extinguishers are in place for manual fire suppression.

Monitoring and Inspections

Each of the environmental safeguard and power management systems is monitored on a daily basis and inspected on a regular basis according to a predefined maintenance schedule. Verizon Terremark has developed standardized inspection procedures and schedules for the various systems.

An enterprise monitoring system is in place to monitor certain environmental conditions throughout the data centers. The system is configured to alert facilities personnel via when predefined thresholds are exceeded on monitored systems.

Network Availability

Overview

In order to help ensure that network devices and related services are available for operation and that network problems are identified, investigated, and resolved, Verizon Terremark uses a combination of monitoring tools, procedures and support protocols. Network monitoring policies and procedures are in place and provide guidance in the prioritization and handling of monitoring alerts and required activities that include the following:

- Network communications monitoring and troubleshooting
- Malicious Internet activity procedures
- NOC functions
- Handling failure alerts
- Handling site down alerts
- Handling warning alerts

Network Operations Centers

Verizon Terremark's Network Operations Centers (NOCs) serve as the central command points for service delivery and oversee day-to-day operations within each data center. Verizon Terremark's NOCs are staffed with support personnel on an ongoing basis. The continuous staffing schedule is instrumental in supporting customers on a global scale. NOC personnel oversee the enterprise monitoring applications that are in place to monitor the performance and availability of network communications devices and to help identify potential sources of failure.

Service Centers

Verizon Terremark's Service Centers (SCs) are the on-site resource centers for Verizon Terremark customers. The SC handles service inquiries and provides support for customers at each of the data center facilities.

Network Device Configuration


More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis

Information Security Risk Assessment Checklist. A High-Level Tool to Assist USG Institutions with Risk Analysis Information Security Risk Assessment Checklist A High-Level Tool to Assist USG Institutions with Risk Analysis Updated Oct 2008 Introduction Information security is an important issue for the University

More information

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service vcloud SERVICES vcloud SERVICE Virtual Tech offers competitive pricing on vcloud hosted services at our world class Tier 4 data centre facility fully equipped with redundant power, cooling, internet connectivity

More information

Sample CDC Certification and Accreditation Checklist For an Application That Is Considered a Moderate Threat

Sample CDC Certification and Accreditation Checklist For an Application That Is Considered a Moderate Threat Sample CDC Certification and Accreditation Checklist For an Application That Is Considered a Moderate Threat Centers for Disease and Prevention National Center for Chronic Disease Prevention and Health

More information

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8.

micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) August, 2013 Revision 8.0 MICROS Systems, Inc. Version 8. micros MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 1 Table of Contents Overview /Standards: I. Information Security Policy/Standards Preface...5 I.1 Purpose....5

More information

StratusLIVE for Fundraisers Cloud Operations

StratusLIVE for Fundraisers Cloud Operations 6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace

More information

Security Control Standard

Security Control Standard Department of the Interior Security Control Standard Physical and Environmental Protection April 2011 Version: 1.1 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior,

More information

Consensus Policy Resource Community. Lab Security Policy

Consensus Policy Resource Community. Lab Security Policy Lab Security Policy Free Use Disclaimer: This policy was created by or for the SANS Institute for the Internet community. All or parts of this policy can be freely used for your organization. There is

More information

Frankfurt Data Centre Overview

Frankfurt Data Centre Overview Technical Services Briefing Document Frankfurt Data Centre Overview Version 2.1 Contents Introduction... 3 TelecityGroup Data Centre in Frankfurt... 4 Data Centre Characteristics... 4 Technologies in Use

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing

Netop Environment Security. Unified security to all Netop products while leveraging the benefits of cloud computing Netop Environment Security Unified security to all Netop products while leveraging the benefits of cloud computing Contents Introduction... 2 AWS Infrastructure Security... 3 Standards - Compliancy...

More information

Music Recording Studio Security Program Security Assessment Version 1.1

Music Recording Studio Security Program Security Assessment Version 1.1 Music Recording Studio Security Program Security Assessment Version 1.1 DOCUMENTATION, RISK MANAGEMENT AND COMPLIANCE PERSONNEL AND RESOURCES ASSET MANAGEMENT PHYSICAL SECURITY IT SECURITY TRAINING AND

More information

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL

Access Control BUSINESS REQUIREMENTS FOR ACCESS CONTROL AU7087_C013.fm Page 173 Friday, April 28, 2006 9:45 AM 13 Access Control The Access Control clause is the second largest clause, containing 25 controls and 7 control objectives. This clause contains critical

More information

Perceptive Software Platform Services

Perceptive Software Platform Services Perceptive Software Platform Services CLOUD SOLUTIONS process and content management Perceptive Software Platform Services Perceptive Software process and content management systems have been deployed

More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL FINAL REPORT: U.S. Election Assistance Commission Compliance with the Requirements of the Federal Information Security Management Act Fiscal

More information

Managed Enterprise Internet and Security Services

Managed Enterprise Internet and Security Services Managed Enterprise Internet and Security Services NOMINATING CATEGORY: CYBER SECURITY INITIATIVES NOMINATOR: TONY ENCINIAS, CHIEF INFORMATION OFFICER COMMONWEALTH OF PENNSYLVANIA FINANCE BUILDING HARRISBURG,

More information

White paper. SAS Solutions OnDemand Hosting Overview

White paper. SAS Solutions OnDemand Hosting Overview White paper SAS Solutions OnDemand Hosting Overview Contents Overview...1 Cary 1 Facility Specifications...2 Cary 2 Facility Specifications (SAS New Cloud Computing Center)...3 Charlotte 1 Facility Specifications...4

More information

Data Center Colocation - SLA

Data Center Colocation - SLA 1 General Overview This is a Service Level Agreement ( SLA ) between and Data Center Colocation to document: The technology services Data Center Colocation provides to the customer The targets for response

More information

Report on FTHC, LLC d/b/a Miami Data Vault s Description of its Data Center System and on the Suitability of the Design and Operating Effectiveness

Report on FTHC, LLC d/b/a Miami Data Vault s Description of its Data Center System and on the Suitability of the Design and Operating Effectiveness Report on FTHC, LLC d/b/a Miami Data Vault s Description of its Data Center System and on the Suitability of the Design and Operating (SOC 1) For the period August 1, 2014 through July 31, 2015 In Accordance

More information

Report of Independent Accountants. To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting:

Report of Independent Accountants. To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting: Report of Independent Accountants Ernst & Young, LLP Two Commerce Square Suite 4000 2001 Market Street Philadelphia, Pennsylvania 19103-7096 Tel: +1 215 448 5000 Fax: +1 215 448 4069 www.ey.com To the

More information

Independent Service Auditor s Report

Independent Service Auditor s Report Independent Service Auditor s Report Microsoft Corporation Global Foundation Services Independent SOC 3 Report for the Security and Availability Trust Principle for Microsoft GFS 1 Independent Service

More information

Network Router Monitoring & Management Services

Network Router Monitoring & Management Services Network Router Monitoring & Management Services Get different parameters of routers monitored and managed, and protect your business from planned and unplanned downtime. SERVICE DEFINITION: NETWORK ROUTER

More information

Level I - Public. Technical Portfolio. Revised: July 2015

Level I - Public. Technical Portfolio. Revised: July 2015 Level I - Public Technical Portfolio Revised: July 2015 Table of Contents 1. INTRODUCTION 3 1.1 About Imaginatik 3 1.2 Taking Information Security Seriously 3 2. DATA CENTER SECURITY 3 2.1 Data Center

More information

san francisco//usa data center specifications tel: +61 2 9948 8888 fax: +61 2 9948 1111 internet + intellectual property + intelligence

san francisco//usa data center specifications tel: +61 2 9948 8888 fax: +61 2 9948 1111 internet + intellectual property + intelligence internet + intellectual property + intelligence We thank you for the opportunity to work with you regarding your colocation needs in San Francisco, USA. We can colocate standard rack-mountable servers

More information

Data Center Checklist

Data Center Checklist Data Center Checklist The use of colocation and services has continued to increase, rapidly becoming the solution of choice for organizations requiring an efficient, secure, cost-effective way to manage

More information

INFORMATION TECHNOLOGY POLICY

INFORMATION TECHNOLOGY POLICY COMMONWEALTH OF PENNSYLVANIA DEPARTMENT OF PUBLIC WELFARE INFORMATION TECHNOLOGY POLICY Name Of Policy: Physical and Environmental Security Policy Domain: Security Date Issued: 06/09/11 Date Revised: 10/11/13

More information

1. Introduction... 2 2. Availability & types of colocation... 2

1. Introduction... 2 2. Availability & types of colocation... 2 Service Description Service Description COLOCATION SERVICES 1. Introduction... 2 2. Availability & types of colocation... 2 2.1 Signature Colocation... 2 2.2 Sterling Colocation... 3 2.3 Network Colocation...

More information

Qvidian Hosted Customer Technical Portfolio

Qvidian Hosted Customer Technical Portfolio Introduction The presents a description of Qvidian s Software as a Service (SaaS) deployment model, providing information on the Qvidian architecture and security practices. This document includes descriptions

More information

Private Clouds & Hosted IT Solutions

Private Clouds & Hosted IT Solutions Private Clouds & Hosted IT Solutions Your Infrastructure, our datacenters With the help of its World-class partners, PBC can safely host any of your Mission-critical application on powerful, secure, Dedicated

More information

Security Document. Issued April 2014 Updated October 2014 Updated May 2015

Security Document. Issued April 2014 Updated October 2014 Updated May 2015 Security Document Issued April 2014 Updated October 2014 Updated May 2015 Table of Contents Issued April 2014... 1 Updated October 2014... 1 Updated May 2015... 1 State-of-the-art Security for Legal Data...

More information

NY-1 DATACENTER AT A GLANCE. NY-1 is a Tier III-rated, SAS SSAE16 and HIPAA-certified data center

NY-1 DATACENTER AT A GLANCE. NY-1 is a Tier III-rated, SAS SSAE16 and HIPAA-certified data center NY-1 1.866.WEBAIR.1 WWW.NY1.WEBAIR.COM NY-1 LONG ISLAND S MOST SECURE, FULLY-REDUNDANT DATA CENTER ENTERPRISE COLOCATION, PRIVATE AND HYBRID CLOUD SOLUTIONS, AND MANAGED SERVICES. DATACENTER Enjoy the

More information

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS 7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS ExecutiveBrief P a g e 1 Executive Brief 7 Questions You Need to Ask Before Choosing a Colocation Facility for Your Business Choosing

More information

Security and Data Center Overview

Security and Data Center Overview Security and Data Center Overview September, 2012 For more information, please contact: Matt McKinney mattm@canadianwebhosting.com 888-821-7888 x 7201 Canadian Web Hosting (www.canadianwebhosting.com)

More information

Contents Error! Bookmark not defined. Error! Bookmark not defined. Error! Bookmark not defined.

Contents Error! Bookmark not defined. Error! Bookmark not defined. Error! Bookmark not defined. We Do It Better. Contents Introduction...3 Service and Support...3 Data Center Details...4 Security...4 Location...4 Power...4 Humidification...5 AC...5 Cooling...6 Datacenter Features...6 SAS 70...6 PCI

More information

VMware vcloud Air HIPAA Matrix

VMware vcloud Air HIPAA Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort VMware has completed an independent third party examination of vcloud Air against applicable regulatory

More information

TRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE

TRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE TRADITIONAL ENTERPRISE SCIENTIFIC SOFTWARE deployments have been complicated and expensive. They require a data center with office space, power, cooling, bandwidth, networks, servers, and storage. They

More information

Colocation Hosting Primer Making the Business and IT Case for Colocation

Colocation Hosting Primer Making the Business and IT Case for Colocation Where every interation matters. Colocation Hosting Primer Making the Business and IT Case for Colocation White Paper February 2012 By: Peer 1 Hosting Product Team www.peer1.com Contents Overview 3 Why

More information

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture

Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture Data Security and Privacy Principles for IBM SaaS How IBM Software as a Service is protected by IBM s security-driven culture 2 Data Security and Privacy Principles for IBM SaaS Contents 2 Introduction

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

DATA CENTRE DATA CENTRE

DATA CENTRE DATA CENTRE DATA CENTRE DATA CENTRE v. OCT 2014 DJ CENTRAL DJ Central Data Centre services are located in the Equinix Internet Business Exchange (IBX ) Centre at Mascot. This IBX offers the highest level of service

More information

VMware vcloud Air SOC 1 Control Matrix

VMware vcloud Air SOC 1 Control Matrix SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,

More information

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1

UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 UNIFIED MEETING 5 SECURITY WHITEPAPER INFO@INTERCALL.COM INTERCALL.COM 800.820.5855 1 As organizations unlock the true potential of meeting over the web as an alternative to costly and timeconsuming travel,

More information