Report of Independent Accountants. To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting:

Size: px
Start display at page:

Download "Report of Independent Accountants. To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting:"

Transcription

1 Report of Independent Accountants Ernst & Young, LLP Two Commerce Square Suite Market Street Philadelphia, Pennsylvania Tel: Fax: To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting: We have examined management s assertion included in the accompanying "Report by Management on the Effectiveness of Its Controls over the Verizon Communications Inc. Verizon Business IP Application Hosting Customer Production Environment Located in the Beltsville, Maryland; Frankfurt, Germany; London, United Kingdom; San Jose, California; and Tokyo, Japan data centers, Collectively Referred to as Verizon Business IPAH, based on the AICPA/CICA Trust Services Principles and Criteria" (Management's Report) that Verizon Communications Inc. Verizon Business IP Application Hosting, during the period November 1, 2008 through October 31, 2009 maintained effective controls over the Verizon Communications Inc. Verizon Business IPAH Customer Production Environment to provide reasonable assurance that the Verizon Communications Inc. Verizon Business IPAH Customer Production Environment was: protected against unauthorized access (both physical and logical) and available for operation and use, as committed and agreed based on the AICPA/CICA Trust Services Security and Availability Principles and Criteria. This assertion is the responsibility of Verizon Communications Inc. Verizon Business IPAH management. Our responsibility is to express an opinion based on our examination. Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of Verizon Communications Inc. Verizon Business IPAH s relevant security and availability controls over the Verizon Communications Inc. Verizon Business IPAH Customer Production Environment; (2) testing and evaluating the operating effectiveness of the controls over the Verizon Communications Inc. Verizon Business IPAH Customer Production Environment; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. Because of inherent limitations in controls, error or fraud may occur and not be detected. Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the system or controls, the failure to make needed changes to the system or controls, or deterioration in the degree of effectiveness of the controls. In our opinion, Verizon Communications Inc. Verizon Business IPAH management s assertion referred to above is fairly stated, in all material respects, based on the AICPA/CICA Trust Services Security and Availability Principles and Criteria. The SysTrust Seal on Verizon Communications Inc. Verizon Business IPAH web site constitutes a symbolic representation of the contents of this report and it is not intended, nor should it be construed, to update this report or provide any additional assurance. December 30, 2009 A member firm of Ernst & Young Global Limited

2 Report by Management on the Effectiveness of Its Controls over the Verizon Business IP Application Hosting Customer Production Environment Located in the Beltsville, Maryland; Frankfurt, Germany; London, United Kingdom; San Jose, California; and Tokyo, Japan Data Centers, Collectively Referred to as Verizon Business IPAH, Based on the AICPA/CICA Trust Services Principles and Criteria Verizon Communications Inc. Verizon Business IP Application Hosting has established and is responsible for maintaining effective controls over the security and availability of the Verizon Communications Inc. Verizon Business IP Application Hosting Customer Production Environment located in the Beltsville, Maryland; Frankfurt, Germany; London, United Kingdom; San Jose, California; and Tokyo, Japan data centers, all collectively referred to as Verizon Business IPAH to provide reasonable assurance that the Verizon Business IPAH Customer Production Environment was: protected against unauthorized access (both physical and logical), and available for operation and use, as committed and agreed, during the period November 1, 2008 to October 31, 2009, based on the Trust Services Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA). The AICPA/CICA Trust Services Principles and Criteria contain the following definitions of the security and availability of the system: Security: the system was protected against unauthorized access (both physical and logical). Availability: the system was available for operation and use, as committed and agreed. The AICPA/CICA Trust Services Principles and Criteria may be obtained from the AICPA s website at Our attached Description of Verizon Communications Inc. Verizon Business IPAH Customer Production Environment identifies the aspects of the customer production environment covered by our assertions. John Tomljanovic Director - Product Management IT Solutions Verizon Business December 30, 2009

3 Description of the Verizon Communications Inc. Verizon Business IP Application Hosting Customer Production Environment Verizon Communications Inc. Verizon Business IP Application Hosting services include implementation and maintenance of secure, scalable, high-performance IP Application Hosting solutions in the Beltsville, Maryland; Frankfurt, Germany; London, United Kingdom; San Jose, California; and Tokyo, Japan data centers, collectively referred to as Verizon Business IPAH. Verizon Business IPAH functions and managed services encompass managed systems, sites, firewalls, and monitoring of those system components 24 hours per day 7 days per week. Verizon Business IPAH services include providing system hardware, software, network technology, security services logical and physical, and systems management necessary to offer customers comprehensive outsourced IP application hosting solutions. Verizon Business IPAH provides the computer hardware, software, network technology, 24x7x365 certified technical staff, and systems management necessary to provide customers comprehensive, managed IP application hosting solutions. Verizon Business IPAH also offers related value-added services such as 24x7x365 installation, configuration and firewall management, security auditing and intrusion detection, stress testing, and consulting services including capacity, migration planning, and database optimization. Each Verizon Business IPAH managed solution is launched on a hardened operating system, which is scaled to provide secure transactions, operations, services, and processes. Verizon Business IPAH reevaluates the standard build quarterly to provide managed clients with the most recent updates, upgrades, patches, and security hardened platforms, providing customers systems and sites with the latest technological advances and techniques. Customer servers are logically separated and utilize a common networking infrastructure. Verizon Business Smart Centers are geographically separated in five locations including Beltsville, Maryland; Frankfurt, Germany; London, United Kingdom; San Jose, California; and Tokyo, Japan. Each Smart Center is comprised of several server farms housing customer servers and Verizon Business infrastructure. The primary server and network monitoring facility is located in Maryland. The following sections define the boundaries of each of the five components that comprise Verizon Business IPAH system: Infrastructure Hardware, Infrastructure Software, Data, People, and Policies and Procedures. Infrastructure Hardware and Software Verizon Business IPAH core business function is to provide a platform on which customer solutions are hosted. While Verizon Business IPAH does not control customer-specific content or data, it does provide the necessary system components and services as a base for customer applications and/or content. Verizon Business IPAH supports several hardware and platform combinations: HP/Microsoft Windows, HP/Red Hat Linux, HP/UX, HP/IBM AIX and Sun/Sun Solaris. Verizon Business IPAH provides a catalogue of services and applications, which are supported to provide customers with a diversified topology. Verizon Business IPAH firewall solutions are implemented and operate on Nokia platforms using Checkpoint software. Verizon Business IPAH ability to provide redundancy, high availability, and VPN, helps to ensure that Verizon Business IPAH customers are afforded expedited, secured transactions.

4 Data Customer data is stored within the customer s database server and is the responsibility of the customer. Verizon Business IPAH performs both full and incremental backups of client data on the servers and data drives. Full backups are run once per week capturing every file on the local drives that are not open and in use at the time the backup process is running. Incremental backups run every night to capture files changed or created since the last backup. Backup tapes are shipped to an off site vendor for storage and recovery. Access to client s data and database servers is limited to technicians within Verizon Business IPAH who have been appropriately authorized. Customer access to data is controlled by the customers. The Network Operations Center (NOC) monitors network and server availability. The NOC is staffed 24x7 and is responsible for identifying network and server related problems and ensuring that those problems are resolved. When alerts are received, staff members resolve the issues according to documented procedures and escalate the issues as necessary in order to provide a quick resolution. Subject matter experts are included in these notifications, as well as, senior management and customers. Physical access to server farms housing customer data is restricted based on job function. Access to these areas is monitored by security guards and logged in an automated system. People The organizational structure at Verizon Business IPAH provides the overall framework for planning, directing, and controlling operations. This structure provides defined responsibilities and lines of authority for reporting and communication. Verizon Business IPAH has assembled some of the industry s leading technical experts. Several groups share responsibility for the day-to-day operation of the data centers and customer servers. These include Client Services and Technical Operations. Each of these groups is further broken into units based upon areas of specialization. Some of their general responsibilities include: Client Services Technical Operations Responsible for customer support, reporting, and coordination of growth planning for customer sites. Services are provided according to the level of service that the customer contracts for. Client Services also serves as a primary point of contact for customers and customer help desk support. Responsible for problem resolution, upgrades, patch installations, server modifications, customer configurations, and customer server maintenance. Separate groups exist for Windows and UNIX-based systems and Network Equipment.

5 Policies & Procedures Verizon Business IPAH has documented polices and procedures supporting critical controls for their customer production environment, including: Physical Security Logical Security System Implementation and Maintenance Server and Network Monitoring and Problem Resolution Server Backup and Recovery and Environmental Controls These policies and procedures are available to employees for reference on the Verizon Business Intranet.

Service Organization Control 3 Report

Service Organization Control 3 Report Service Organization Control 3 Report Description of Cbeyond Cloud Services IT Outsourcing Services relevant to Security and Availability For the period January 1, 2011 through August 31, 2011 with the

More information

Report of Independent Auditors

Report of Independent Auditors Ernst & Young LLP Suite 3300 370 17th Street Denver, Colorado 80202-5663 Tel: +1 720 931 4000 Fax: +1 720 931 4444 www.ey.com Report of Independent Auditors To the Management of NTT America, Inc.: We have

More information

Service Organization Controls 3 Report

Service Organization Controls 3 Report Service Organization Controls 3 Report Report on the Amazon Web Services System Relevant to Security For the Period April 1, 2013 March 31, 2014 Ernst & Young LLP Suite 1600 560 Mission Street San Francisco,

More information

Independent Service Auditor s Report

Independent Service Auditor s Report Independent Service Auditor s Report Microsoft Corporation Global Foundation Services Independent SOC 3 Report for the Security and Availability Trust Principle for Microsoft GFS 1 Independent Service

More information

SOC 3 for Security and Availability

SOC 3 for Security and Availability SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2013 through September 30, 2014 Independent SOC 3 Report for the Security and Availability Trust

More information

Independent Service Auditors Report

Independent Service Auditors Report KPMG LLP Suite 1400 55 Second Street San Francisco, CA 94105 Independent Service Auditors Report The Board of Directors of GoDaddy.com, LLC: We have examined management's assertion that during the period

More information

System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012

System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012 System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012 Moss Adams LLP 9665 Granite Ridge Drive, Suite 600 San Diego, CA 92123

More information

MAG DATACENTERS, LLC ( FORTRUST ) Service Organization Controls 3

MAG DATACENTERS, LLC ( FORTRUST ) Service Organization Controls 3 MAG DATACENTERS, LLC ( FORTRUST ) Service Organization Controls 3 Report on FORTRUST s Enterprise Data Center and Colocation Services System Relevant to Security and Availability For the Period October

More information

Tel: +1 123 456 7890 Fax: +1 123 456 7890 ey.com. Report of Independent Auditors

Tel: +1 123 456 7890 Fax: +1 123 456 7890 ey.com. Report of Independent Auditors Ernst & Young LLP Suite 3300 370 17th Street Denver, Colorado 80202-5663 Tel: +1 123 456 7890 Fax: +1 123 456 7890 ey.com To the Management of NTT America, Inc.: Report of Independent Auditors We have

More information

Service Organization Controls 3 Report. Report on Hyland Software, Inc. s OnBase Online Cloud Platform, relevant to Security and Availability

Service Organization Controls 3 Report. Report on Hyland Software, Inc. s OnBase Online Cloud Platform, relevant to Security and Availability Service Organization Controls 3 Report Report on Hyland Software, Inc. s OnBase Online Cloud Platform, relevant to Security and Availability for the period May 1, 2015 through October 31, 2015 Ernst &

More information

Managed Enterprise Internet and Security Services

Managed Enterprise Internet and Security Services Managed Enterprise Internet and Security Services NOMINATING CATEGORY: CYBER SECURITY INITIATIVES NOMINATOR: TONY ENCINIAS, CHIEF INFORMATION OFFICER COMMONWEALTH OF PENNSYLVANIA FINANCE BUILDING HARRISBURG,

More information

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013 SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013 TABLE OF CONTENTS SECTION I: INDEPENDENT PRACTITIONERS TRUST SERVICES

More information

SOC 3 for Security and Availability

SOC 3 for Security and Availability SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2014 through September 30, 2015 Independent SOC 3 Report for the Security and Availability Trust

More information

Ayla Networks, Inc. SOC 3 SysTrust 2015

Ayla Networks, Inc. SOC 3 SysTrust 2015 Ayla Networks, Inc. SOC 3 SysTrust 2015 SOC 3 SYSTRUST FOR SERVICE ORGANIZATIONS REPORT July 1, 2015 To December 31, 2015 Table of Contents SECTION 1 INDEPENDENT SERVICE AUDITOR S REPORT... 2 SECTION 2

More information

SERVICE ORGANIZATION CONTROL 3 REPORT

SERVICE ORGANIZATION CONTROL 3 REPORT SERVICE ORGANIZATION CONTROL 3 REPORT Digital Certificate Solutions, Comodo Certificate Manager (CCM), and Comodo Two Factor Authentication (Comodo TF) Services For the period April 1, 2013 through March

More information

Report of Independent Auditor

Report of Independent Auditor Ernst & Young LLP One Commerce Square Suite 700 2005 Market Street Philadelphia, PA 19103 Tel: +1 215 448 5000 Fax: +1 215 448 5500 ey.com Report of Independent Auditor To the Management of Verizon Communications

More information

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific

More information

Service Organization Control (SOC 3) Report on a Description of the Data Center Colocation System Relevant to Security and Availability

Service Organization Control (SOC 3) Report on a Description of the Data Center Colocation System Relevant to Security and Availability 15301 Dallas Parkway, Suite 960, Addison, TX 75001 MAIN 214 545 3965 FAX 214 545 3966 www.bkmsh.com Service Organization Control (SOC 3) Report on a Description of the Data Center Colocation System Relevant

More information

Report of Independent Auditors. To the Management of China Internet Network Information Centre Certificate Authority Centre:

Report of Independent Auditors. To the Management of China Internet Network Information Centre Certificate Authority Centre: Ernst & Young 18th Floor Two International Finance Centre 8 Finance Street, Central Hong Kong Tel: +852 2846 9888 Fax: +852 2868 4432 www.ey.com 安永會計師事務所香港中環金融街 8 號國際金融中心 2 期 18 樓 電話 : +852 2846 9888 傳真

More information

Independent Accountant s Report

Independent Accountant s Report Independent Accountant s Report To the Management of GeoTrust, Inc.: We have examined the assertion by the management of GeoTrust, Inc. ( GeoTrust ) that in providing its Certification Authority ( CA )

More information

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the

More information

Independent Accountants Report

Independent Accountants Report KPMG LLP 1601 Market Street Philadelphia, PA 19103-2499 Independent Accountants Report To the Management of Unisys Corporation: We have examined the assertion by the management of Unisys Corporation (

More information

HP Security Assessment Services

HP Security Assessment Services HP Security Assessment Services HP Data Center Services Technical data Your corporate information and intellectual property are important assets that you want to protect from unauthorized users. Developing

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

PAAS Public Sector Managed Services

PAAS Public Sector Managed Services Meritec Limited Meritec House, Acorn Business Park, Skipton, North Yorkshire, BD23 2UE 0845 3451155 servicepoint@meritec.co.uk www.meritec.co.uk Registered In England & Wales No. 3224622 Table of Contents

More information

DATA CENTER SOLUTIONS

DATA CENTER SOLUTIONS DATA CENTER SOLUTIONS Local Customer Support Geographic Redundancy Hardened, Secure Facilities Our Network Operations Center is located in Toledo, Ohio. That means your data and the people who support

More information

Report of Independent Accountants. To the Management of Globalsign SA/NV,

Report of Independent Accountants. To the Management of Globalsign SA/NV, Ernst & Young Technology & Security Risk Services Avenue Marcel Thiry 204 Marcel Thirylaan 204 B - 1200 Bruxelles Brussel Tel: +32 (0)2 774 97 74 Fax: +32 (0)2 774 94 79 www.ey.com/be Report of Independent

More information

Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security

Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security For the Period January 1, 2015 through June 30, 2015 SOC 3 SM SOC 3 is a service

More information

California Department of Technology, Office of Technology Services AIX/LINUX PLATFORM GUIDELINE Issued: 6/27/2013 Tech.Ref No. 04.17.

California Department of Technology, Office of Technology Services AIX/LINUX PLATFORM GUIDELINE Issued: 6/27/2013 Tech.Ref No. 04.17. Table of Contents 1.0 GENERAL... 3 1.1 SUMMARY... 3 1.2 REFERENCES... 3 1.3 SUBMITTALS... 3 1.3.1 General... 3 1.3.2 Service Request Criteria... 4 1.4 EXPECTATIONS... 4 1.4.1 OTech... 4 1.4.2 Customer...

More information

Client Security Risk Assessment Questionnaire

Client Security Risk Assessment Questionnaire Select the appropriate answer from the drop down in the column, and provide a brief description in the section. 1 Do you have a member of your organization with dedicated information security duties? 2

More information

Service Offering: Outsourced IdM Administrator Service

Service Offering: Outsourced IdM Administrator Service Service Offering: Outsourced IdM Administrator Service 2014 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 The Outsourced IdM Administrator Service 2 2.1 Hitachi ID Systems and

More information

Agilisys G-Cloud Service V

Agilisys G-Cloud Service V Agilisys G-Cloud Service V Service Definition Endpoint Management Lot 1 Infrastructure as a Service (IaaS) April 2014 At Agilisys we deliver success through innovation working with our clients to transform

More information

Information for Management of a Service Organization

Information for Management of a Service Organization Information for Management of a Service Organization Copyright 2011 American Institute of Certified Public Accountants, Inc. New York, NY 10036-8775 All rights reserved. For information about the procedure

More information

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive.

Attachment E. RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive. Attachment E RFP Requirements: Mandatory Requirements: Vendor must respond with Yes or No. A No response will render the vendor nonresponsive. Questions Support for Information Security 1. The Supplier

More information

Perceptive Software Platform Services

Perceptive Software Platform Services Perceptive Software Platform Services CLOUD SOLUTIONS process and content management Perceptive Software Platform Services Perceptive Software process and content management systems have been deployed

More information

Implementing Managed Services in the Data Center and Cloud Space

Implementing Managed Services in the Data Center and Cloud Space Implementing Managed Services in the Data Center and Cloud Space 1 Managed Hosting Offerings 2 Managed Network Services Diverse 10Gbps backbone between data centers meshed with Windstream s nationwide

More information

Contents UNIFIED COMPUTING DATA SHEET. Virtual Data Centre Support. www.interoute.com

Contents UNIFIED COMPUTING DATA SHEET. Virtual Data Centre Support. www.interoute.com Contents Scope of this Document... 2 Product Overview... 2 Virtual Data Centre and VDC Dedicated Infrastructure... 2 Service Levels... 3 Severity and Support Response Times... 4 On-boarding... 5 Incident

More information

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public]

IBX Business Network Platform Information Security Controls. 2015-02- 20 Document Classification [Public] IBX Business Network Platform Information Security Controls 2015-02- 20 Document Classification [Public] Table of Contents 1. General 2 2. Physical Security 2 3. Network Access Control 2 4. Operating System

More information

Information Technology General Controls And Best Practices

Information Technology General Controls And Best Practices Paul M. Perry, FHFMA, CITP, CPA Alabama CyberNow Conference April 5, 2016 Information Technology General Controls And Best Practices 1. IT General Controls - Why? 2. IT General Control Objectives 3. Documentation

More information

PULSE SECURE CARE PLUS SERVICES

PULSE SECURE CARE PLUS SERVICES DATASHEET PULSE SECURE CARE PLUS SERVICES Service Overview In today s dynamic marketplace, organizations are under constant pressure to meet market demand while maintaining or increasing return on investment.

More information

IBM AIX MANAGED SERVICES:

IBM AIX MANAGED SERVICES: IBM AIX MANAGED SERVICES: REMOTE MONITORING REMOTE ADMINISTRATION MANAGED HOSTING Reduce Your IBM AIX (pseries) Operating Costs & Get Higher Uptime. Let Connectria Help Run Your IBM AIX (pseries) Environment.

More information

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0

Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies Effective Date: October 1, 2015 Version 1.0 Unless otherwise stated, these Oracle Maps Cloud Service Enterprise Hosting and Delivery Policies

More information

The case for cloud computing is becoming more clear.

The case for cloud computing is becoming more clear. Executive Summary The case for cloud computing is becoming more clear. Cloud computing has been a hot topic lately, and for good reason. With it, companies can gain potential competitive advantages that

More information

Introduction. Price model and service level. Structure of the service

Introduction. Price model and service level. Structure of the service Introduction IP-Only provides a service called Virtual Server in which the customer receives server capacity accessed through IP-Only s communications services. This type of service is also called cloud

More information

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review.

FIREWALL CHECKLIST. Pre Audit Checklist. 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 1. Obtain previous workpapers/audit reports. FIREWALL CHECKLIST Pre Audit Checklist 2. Obtain the Internet Policy, Standards, and Procedures relevant to the firewall review. 3. Obtain current network diagrams

More information

Service Organization Controls 3 Report

Service Organization Controls 3 Report Service Organization Controls 3 Report Report on the Amazon Web Services System Relevant to Security and Availability For the Period April 1, 2015 September 30, 2015 Ernst & Young LLP Suite 1600 560 Mission

More information

Virtualization s Evolution

Virtualization s Evolution Virtualization s Evolution Expect more from your IT solutions. Virtualization s Evolution In 2009, most Quebec businesses no longer question the relevancy of virtualizing their infrastructure. Rather,

More information

T141 Computer Systems Technician MTCU Code 50505 Program Learning Outcomes

T141 Computer Systems Technician MTCU Code 50505 Program Learning Outcomes T141 Computer Systems Technician MTCU Code 50505 Program Learning Outcomes Synopsis of the Vocational Learning Outcomes * The graduate has reliably demonstrated the ability to 1. analyze and resolve information

More information

VMware vcloud Air SOC 1 Control Matrix

VMware vcloud Air SOC 1 Control Matrix SOC 1 Control Objectives/Activities Matrix goes to great lengths to ensure the security and availability of vcloud Air services. In this effort, we have undergone a variety of industry standard audits,

More information

The Internet Corporation for Assigned Names and Numbers (ICANN)

The Internet Corporation for Assigned Names and Numbers (ICANN) The Internet Corporation for Assigned Names and Numbers (ICANN) Root Zone Key Signing Key System SysTrust Report based on the Trust Services Principles of Availability, Security and Processing Integrity

More information

Securing the Service Desk in the Cloud

Securing the Service Desk in the Cloud TECHNICAL WHITE PAPER Securing the Service Desk in the Cloud BMC s Security Strategy for ITSM in the SaaS Environment Introduction Faced with a growing number of regulatory, corporate, and industry requirements,

More information

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security

Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document

More information

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE ebook Series 2 Headlines have been written, fines have been issued and companies around the world have been challenged to find the resources, time and capital

More information

3rd Party Audited Cloud Infrastructure SOC 1, Type II SOC 2, Type II ISO 27001. Annual 3rd party application Pen Tests.

3rd Party Audited Cloud Infrastructure SOC 1, Type II SOC 2, Type II ISO 27001. Annual 3rd party application Pen Tests. THE BRIGHTIDEA CLOUD INFRASTRUCTURE INTRODUCTION Brightidea s world-class cloud infrastructure is designed and certified to handle the most stringent security, reliability, scalability, and performance

More information

Sun ONE Identity Server Web Policy Agents Release Notes

Sun ONE Identity Server Web Policy Agents Release Notes Sun ONE Identity Server Web Policy Agents Release Notes Version 6.0 SP1 Part Number 816-6860-10 July 2003 These release notes contain important information available at the time of the release of Sun Open

More information

SRA International Managed Information Systems Internal Audit Report

SRA International Managed Information Systems Internal Audit Report SRA International Managed Information Systems Internal Audit Report Report #2014-03 June 18, 2014 Table of Contents Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives...

More information

IOD Incorporated. SOC 3 Report for IOD Incorporated

IOD Incorporated. SOC 3 Report for IOD Incorporated SOC 3 Report for IOD Incorporated For The Period From SOC 3 Report Table of Contents Section 1: Management of IOD Incorporated Service Organization s Assertion... 2 Section 2: Independent Accountant s

More information

SPRINT MANAGED SECURITY SERVICES PRODUCT ANNEX

SPRINT MANAGED SECURITY SERVICES PRODUCT ANNEX SPRINT MANAGED SECURITY SERVICES PRODUCT ANNEX The following terms and conditions, together with the Sprint Master or Custom Services Agreement or Domestic Sprint Services Sales Application Form ("Agreement"),

More information

Hosting Solutions Made Simple. Managed Services - Overview and Pricing

Hosting Solutions Made Simple. Managed Services - Overview and Pricing Hosting Solutions Made Simple Managed Services - Overview and Pricing NETRACKservers Internet Security Package: NETRACKservers's Internet Security Package is an ideal security service for business that

More information

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008

Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008 Course 50400A: Designing, Optimizing and Maintaining a Database Administrative Solution for Microsoft SQL Server 2008 Length: 5 Days Language(s): English Audience(s): IT Professionals Level: 300 Technology:

More information

The IDG 9074 Remote Access Controller

The IDG 9074 Remote Access Controller secure Agent Secure Enterprise Solutions Product Overview The IDG 9074 Remote Access Controller 2448 E. 81 st St, Ste 2000 Tulsa OK 74137-4271 USA Tel: 918.971.1600 Fax: 918.971.1623 www.secureagent.com

More information

Connecticut Justice Information System Security Compliance Assessment Form

Connecticut Justice Information System Security Compliance Assessment Form The Connecticut Justice Information System (CJIS-2) is used as a mechanism for municipalities, State and Federal agencies to assess their compliance with the CJIS Security Requirements & Recommendations

More information

SOC 3 SYSTRUST FOR SERVICE ORGANIZATIONS REPORT

SOC 3 SYSTRUST FOR SERVICE ORGANIZATIONS REPORT THE TELX GROUP SOC 3 SYSTRUST FOR SERVICE ORGANIZATIONS REPORT Report On Telx s Interconnection And Colocation Services Relevant To Security And Availability For the Period April 1, 2014 March 31, 2015

More information

SSAE 16 and AT Section 101

SSAE 16 and AT Section 101 call 305 447 6750 800 S. Douglas Road Suite 940N Coral Gables, FL 33134 www.emrisk.com email: info@emrisk.com SSAE 16 and AT Section 101 A Changed Approach to Assurance Since 1992, Statement on Auditing

More information

CHOOSING A RACKSPACE HOSTING PLATFORM

CHOOSING A RACKSPACE HOSTING PLATFORM CHOOSING A RACKSPACE HOSTING PLATFORM Rackspace has years of experience in hosting and has learnt that the unique needs of our customers businesses often determines the level of accountability and project

More information

Remote Infrastructure Support Services & Managed IT Services

Remote Infrastructure Support Services & Managed IT Services Remote Infrastructure Support Services & Managed IT Services Remote Desktop Services are designed to optimize the customers IT resource utilization and provide a standardized end-user environment. The

More information

Operations and Network Center (CORE)

Operations and Network Center (CORE) Operations and Network Center (CORE) Get to know us The Operations and Network Center (CORE) is the cornerstone in Informatica ECI's strategy for the provision of managed information technology services.

More information

California Department of Technology, Office of Technology Services MICROSOFT SQL SERVER GUIDELINE

California Department of Technology, Office of Technology Services MICROSOFT SQL SERVER GUIDELINE Table of Contents 1.0 GENERAL... 2 1.1 SUMMARY...2 1.2 REFERENCES...2 1.3 SUBMITTALS...3 1.3.1 General...3 1.3.2 Service Request...3 1.4 EXPECTATIONS...3 1.4.1 OTech...3 1.4.2 Customer...4 1.5 SCHEDULING...4

More information

Remote Managed Infrastructure Services

Remote Managed Infrastructure Services INFORMATION INFRASTRUCTURE FORUM, ISTANBUL Remote Managed Infrastructure Services Cem Erdoğan, Servis Ürün Yöneticisi, IBM Türk 2009 IBM Corporation Agenda Current industry situation Infrastructure services

More information

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE

California Department of Technology, Office of Technology Services WINDOWS SERVER GUIDELINE Table of Contents 1.0 GENERAL... 2 1.1 SUMMARY...2 1.2 REFERENCES...2 1.3 SUBMITTALS...2 1.3.1 General...2 1.3.2 Service Request...3 1.4 EXPECTATIONS...3 1.4.1 OTech...3 1.4.2 Customer...3 1.5 SCHEDULING...4

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

General Computer Controls

General Computer Controls 1 General Computer Controls Governmental Unit: University of Mississippi Financial Statement Date: June 30, 2007 Prepared by: Robin Miller and Kathy Gates Date: 6/29/2007 Description of computer systems

More information

Basic knowledge of the Microsoft Windows operating system and its core functionality Working knowledge of Transact-SQL and relational databases

Basic knowledge of the Microsoft Windows operating system and its core functionality Working knowledge of Transact-SQL and relational databases M20462 Administering Microsoft SQL Server Databases Description: This five-day instructor-led course provides students with the knowledge and skills to maintain a Microsoft SQL Server 2014 database. The

More information

MS-50400 - Design, Optimize and Maintain Database for Microsoft SQL Server 2008

MS-50400 - Design, Optimize and Maintain Database for Microsoft SQL Server 2008 MS-50400 - Design, Optimize and Maintain Database for Microsoft SQL Server 2008 Table of Contents Introduction Audience At Completion Prerequisites Microsoft Certified Professional Exams Student Materials

More information

OPEN FOR EDUCATION. CampusNet - Managed Hosting services for Higher Education

OPEN FOR EDUCATION. CampusNet - Managed Hosting services for Higher Education OPEN FOR EDUCATION CampusNet - Managed services for Higher Education The partnership with CampusNet provides ForeFront Education with a fullservice hosting environment complete with staff who have product

More information

Symantec Critical System Protection Configuration Monitoring Edition Release Notes

Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes Symantec Critical System Protection Configuration Monitoring Edition Release Notes The software described in this book

More information

VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT. mcsa (70-413) Microsoft certified system administrator. (designing & implementing server infrasturcure)

VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT. mcsa (70-413) Microsoft certified system administrator. (designing & implementing server infrasturcure) VNLINFOTECH JOIN US & MAKE YOUR FUTURE BRIGHT mcsa (70-413) Microsoft certified system administrator (designing & implementing server infrasturcure) www.vnlinfotech.com MODULE 1 : Considerations for Upgrades

More information

Nine Considerations When Choosing a Managed Hosting Provider

Nine Considerations When Choosing a Managed Hosting Provider Nine Considerations When Choosing a Managed Hosting Provider Selecting the right managed hosting provider for your business is a critical part of your success. This white paper provides a roadmap for companies

More information

Autodesk PLM 360 Security Whitepaper

Autodesk PLM 360 Security Whitepaper Autodesk PLM 360 Autodesk PLM 360 Security Whitepaper May 1, 2015 trust.autodesk.com Contents Introduction... 1 Document Purpose... 1 Cloud Operations... 1 High Availability... 1 Physical Infrastructure

More information

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or

More information

Managing and Maintaining Windows Server 2008 Servers

Managing and Maintaining Windows Server 2008 Servers Managing and Maintaining Windows Server 2008 Servers Course Number: 6430A Length: 5 Day(s) Certification Exam There are no exams associated with this course. Course Overview This five day instructor led

More information

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant

Ellucian Cloud Services. Joe Street Cloud Services, Sr. Solution Consultant Ellucian Cloud Services Joe Street Cloud Services, Sr. Solution Consultant Confidentiality Statement The information contained herein is considered proprietary and highly confidential by Ellucian Managed

More information

StratusLIVE for Fundraisers Cloud Operations

StratusLIVE for Fundraisers Cloud Operations 6465 College Park Square Virginia Beach, VA 23464 757-273-8219 (main) 757-962-6989 (fax) stratuslive.com Contents Security Services... 3 Rackspace Multi Layered Approach to Security... 3 Network... 3 Rackspace

More information

Hosting. Simply Different. www.iso-gruppe.com

Hosting. Simply Different. www.iso-gruppe.com Hosting. Simply Different. www.iso-gruppe.com Hosting. ISO Professional Services offers more All the SAP expertise of the ISO Group is focused in ISO Professional Services, which is among the firmly established

More information

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results

IT General Controls Domain COBIT Domain Control Objective Control Activity Test Plan Test of Controls Results Acquire or develop application systems software Controls provide reasonable assurance that application and system software is acquired or developed that effectively supports financial reporting requirements.

More information

PCI DSS Reporting WHITEPAPER

PCI DSS Reporting WHITEPAPER WHITEPAPER PCI DSS Reporting CONTENTS Executive Summary 2 Latest Patches not Installed 3 Vulnerability Dashboard 4 Web Application Protection 5 Users Logging into Sensitive Servers 6 Failed Login Attempts

More information

Introduction to Computer Administration. System Administration

Introduction to Computer Administration. System Administration Introduction to Computer Administration System Administration System Administration System Administration Duties of System Administrator Types of Administrators/Users Operating Systems Supporting Administration

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2014-05 July 25, 2014 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope and Testing

More information

Improving. Summary. gathered from. research, and. Burnout of. Whitepaper

Improving. Summary. gathered from. research, and. Burnout of. Whitepaper Whitepaper Improving Productivity and Uptime with a Tier 1 NOC Summary This paper s in depth analysis of IT support activities shows the value of segmenting and delegatingg activities based on skill level

More information

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s

PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s PierianDx - Clinical Genomicist Workstation Software as a Service FAQ s Network Security Please describe the preferred connection method(s) between the PierianDx network and a healthcare organization s

More information

Important Facts. Small & Medium size businesses report an average of 50 hours lost productivity per employee per year due to IT related problems.

Important Facts. Small & Medium size businesses report an average of 50 hours lost productivity per employee per year due to IT related problems. Your information systems are at the heart of your businesses daily operation. System down time costs businesses a significant amount of money each year. Most problems that cause down time can be prevented

More information

SOC 2 Report Seattle, WA (SEF)

SOC 2 Report Seattle, WA (SEF) SOC 2 Report Seattle, WA (SEF) October 1, 2013 January 31, 2014 Independent Service Auditor s Report INTERNAP NETWORK SERVICES CORPORATION Company-Controlled Data Center Services Type 2 Report on Controls

More information

IT control environment Caerphilly County Borough Council

IT control environment Caerphilly County Borough Council Audit 2008/2009 November 2009 Author: PricewaterhouseCoopers LLP Ref: C09366 IT control environment Caerphilly County Borough Council We found the overall IT control environment at Caerphilly County Borough

More information

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS

REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS REPORT OF INDEPENDENT CERTIFIED PUBLIC ACCOUNTANTS To the Management of Internet Security Research Group: We have examined the assertion by the management of the Internet Security Research Group ( ISRG

More information

E f f e c t i v e p r o c e s s - d r i v e n

E f f e c t i v e p r o c e s s - d r i v e n E f f e c t i v e p r o c e s s - d r i v e n S e r v i c e S u p p o r t Frontier Business Systems has over a decade of experience in design, delivery, deployment and support of complex IT infrastructure

More information

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch

SSAE 16 for Transportation & Logistics Companies. Chris Kradjan Kim Koch SSAE 16 for Transportation & Logistics Companies Chris Kradjan Kim Koch 1 The material appearing in this presentation is for informational purposes only and should not be construed as advice of any kind,

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

University of Central Florida Class Specification Administrative and Professional. Information Security Officer Information Security Officer Job Code: 2534 Serve as the information security officer for the University. Develop and computer security system standards, policies, and procedures. Serve as technical team

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1

How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 How does IBM deliver cloud security? An IBM paper covering SmartCloud Services 1 2 How does IBM deliver cloud security? Contents 2 Introduction 3 Cloud governance 3 Security governance, risk management

More information