System Description of the Data Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012


System Description of the Data Center System Relevant to Security and Availability (SOC 3)
November 1, 2011 through April 30, 2012

Moss Adams LLP
9665 Granite Ridge Drive, Suite 600
San Diego, CA (858)

Report on Controls at a Service Organization Relevant to Security and Availability (SOC 2)
November 1, 2011 through April 30, 2012

TABLE OF CONTENTS

I. Independent Practitioner's Trust Services Report
II. Management of American Internet Services' Assertion Regarding Its Data Center System Based on the AICPA/CICA Trust Services Criteria for Security and Availability
III. Description of American Internet Services' Data Center System For the Period November 1, 2011, to April 30, 2012
    A. System Overview
        1. Background
        2. Infrastructure
        3. Software
        4. People
        5. Procedures
        6. Data
    B. Complementary User Entity Controls

I. INDEPENDENT PRACTITIONER'S TRUST SERVICES REPORT

American Internet Services, LLC
9305 Lightwave Avenue
San Diego, California

To the Management of American Internet Services, LLC:

We have examined management's assertion that during the period November 1, 2011 through April 30, 2012, American Internet Services maintained effective controls over its Data Center System to provide reasonable assurance that:

- the system was protected against unauthorized access (both physical and logical); and
- the system was available for operation and use, as committed or agreed;

based on the AICPA and CICA trust services security and availability criteria. American Internet Services' management is responsible for this assertion. Our responsibility is to express an opinion based on our examination.

Management's description of the aspects of the Data Center System covered by its assertion is attached. We did not examine this description, and accordingly, we do not express an opinion on it.

Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of American Internet Services' relevant controls over the security and availability of the Data Center System; (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion.

Because of the nature and inherent limitations of controls, American Internet Services' ability to meet the aforementioned criteria may be affected. For example, controls may not prevent or detect and correct error or fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions.

Independent Service Auditor's Report

In our opinion, management's assertion referred to above is fairly stated, in all material respects, based on the AICPA and CICA trust services security and availability criteria.

The SOC 3 SysTrust for Service Organizations Seal on American Internet Services' web site constitutes a symbolic representation of the contents of this report and is not intended, nor should it be construed, to update this report or provide additional assurance.

San Diego, California
June 25, 2012
MOSS ADAMS LLP

II. MANAGEMENT OF AMERICAN INTERNET SERVICES' ASSERTION REGARDING ITS DATA CENTER SYSTEM BASED ON THE AICPA/CICA TRUST SERVICES CRITERIA FOR SECURITY AND AVAILABILITY

During the period November 1, 2011 through April 30, 2012, American Internet Services, in all material respects, maintained effective controls over security and availability of its Data Center System to provide reasonable assurance that:

- the system was protected against unauthorized access (both physical and logical); and
- the system was available for operation and use, as committed or agreed;

based on the AICPA and CICA trust services security and availability criteria.

Our attached System Description of the Data Center System summarizes those aspects of the system covered by our assertion.

Tim Caulfied
Chief Executive Officer
American Internet Services, LLC

Frank Gaff
Director Service Delivery and Client Services
American Internet Services, LLC

June 25, 2012

III. DESCRIPTION OF AMERICAN INTERNET SERVICES' DATA CENTER SYSTEM FOR THE PERIOD NOVEMBER 1, 2011, TO APRIL 30, 2012

A. SYSTEM OVERVIEW

1. Background

American Internet Services (AIS) has been working to provide business-to-business high-end Internet services such as collocation, transit/transport connectivity and hosting solutions for over 15 years. AIS provides a complete offering of Internet data center collocation and connectivity solutions for small, medium and large business clients from its five data center facilities in San Diego (Lightwave, Scranton, Fiber Alley), Los Angeles (One Wilshire), and Phoenix, Arizona (Van Buren). This includes design, engineering, implementation, and technical support services.

2. Infrastructure

AIS provides collocation services to user entities through several different data center facilities. The in-scope locations are listed below:

- Lightwave Data Center (LWDC) (San Diego, California)
- San Diego Tech Center (SDTC) (San Diego, California)
- Fiber Alley Data Centers #1/#2/#3 (FADC) (San Diego, California)
- One Wilshire Point of Presence (OWPOP) (Los Angeles, California)
- Van Buren Data Center (VBDC) (Phoenix, Arizona)

The Los Angeles facility does not contain any user entity systems or devices. The Los Angeles facility serves as a location to provide backup communication equipment.

AIS has an internal operational software system known as The Automated System (TAS) which employees access through their desktop on company-supplied computers or through a Citrix Access Gateway. Data communications between the different facilities' offices are encrypted with virtual private networking (VPN) technology.

The Data Center System is comprised of the following five components:

- Infrastructure (facilities, equipment, and networks)
- Software (systems, applications, and utilities)
- People (developers, operators, user, and managers)
- Procedures (automated and manual)
- Data (transaction streams, files, databases and tables)

The following sections of this description define each of the five components comprising the Data Center System.

3. Software

AIS uses TAS as a multi-level, highly scalable Customer Relationship Management (CRM) system which is a resource tool for both internal AIS systems and for clients, and handles a wide variety of issues, including monitoring activities, billing, and facilitating both internal and external trouble tickets. TAS also serves as the online portal for clients to access their information.

TAS is a proprietary built system, with all functional change management activities being handled and facilitated by dedicated AIS engineers. All changes to the TAS system require documentation within the system itself for ensuring acceptable change management policies and procedures are being followed.

4. People

AIS has a staff of approximately 70 employees organized in the following functional areas:

- Senior Leadership Team
  o Chief Executive Officer
  o Chief Financial Officer
  o Vice President of Sales
  o Director of Service Delivery and Client Services
  o Vice President of Data Center Engineering and Operations
  o Vice President of Network and Managed Services

- Critical Infrastructure: Responsible for ensuring reliability, availability, sustainability and productivity for the AIS data centers; concurrently responsible for ensuring sustainable supporting environments. Specific data center operations and engineering responsibilities include the following: physical security, fire suppression system operational readiness, collocation production including space, power distribution, connectivity cabling, environmental support systems and production environmental standards maintenance, enterprise infrastructure systems operational readiness, and contingency response planning and implementation.

- Network and Managed Services (NMS): Responsible for growth and operation of AIS network and software systems, including routers, switches, optical networking/transport, network security, public-facing applications, and internal IT. Responsible for network and systems DR/BC planning, emergency response, and sparing inventory.

- Sales: Responsible for identifying the needs and requirements of new and existing customers of targeted companies in the San Diego and Phoenix areas. The sales department works closely with the marketing, finance and provisioning teams to ensure the company's products or services are marketed and sold to target consumers. For example, it is important for AIS that they focus on healthcare, life sciences and high technology companies in order to achieve their desired growth and revenue projections.

- Service Delivery: Responsible for ensuring the implementation of customer solutions/systems/services/orders are carried out in a timely manner.

- Client Services: Responsible for providing onsite customer support for the LWDC, FADC and SDTC data centers on a 24x7x365 basis. The VBDC facility has weekday onsite customer support from 6 a.m. to 6 p.m. and after-hours and weekend support on an as-needed basis with onsite support available within 15 minutes. The Client Services team provides essential security monitoring as well as overseeing physical access controls to ensure that only authorized individuals have access to the various physical data center facilities in accordance with AIS and customer access procedures. Client Services personnel, located in the Operations and Control Center (OCC) in each of the AIS data centers, perform a wide variety of additional customer support functions and services consisting of, but not limited to:
  o Remote hands providing server reboots or direct problem troubleshooting with customers over the phone.
  o Providing racking and stacking of customer equipment.
  o Performing customer tape rotations and offsite tape storage coordination.
  o Maintaining inventory control of customer equipment.
  o Ticket tracking of customer requests and troubleshooting activities.
  o Monitoring customer bandwidth and connectivity.
  o Responding to customer e-mail, phone and/or portal inquiries.

  In addition, the Client Services team monitors critical network and infrastructure equipment and services provided by each of the data centers.

- Accounting, Finance and Human Resources: Responsible for a large array of issues, including payment of organizational fixed and variable costs, building cash flow projection models, budgeting and regulatory compliance, collecting payments from clients and maintaining all other financial management activities. Risk assessment concerning cash flows and the ability to meet mandatory expenses is constantly monitored and evaluated. Issues such as lines of credit, cash reserves, and other financial issues are studied by senior management on a regular basis.

5. Procedures

The following Key Indicator Reports are reviewed on a regular basis:

1. Financials
2. Bank Statements
3. AP/AR Reports
4. Sales Reports
5. Client Attrition Reports
6. Microsoft Dynamics Sales Reporting System
7. Quarterly Forecasting Reports
8. Bank Compliance Reporting
9. Federal, State and Local Tax Reporting
10. Annual Financial Statement Auditing Process

Additionally, the Human Resources Department is responsible for supporting employees, including training, compensation, promotion, performance appraisal and review, and the overall work environment at AIS.

The collocation services provided by AIS include:

- Power, cooling, and fire suppression equipment to help mitigate risks that might be caused by environmental threats.
- Online portal access for managing important account information.
- Redundant network connections to multiple data center facilities to mitigate risks that might result from network downtime.
- Authorization, changes to, and termination of information system physical access.
- Monitoring security controls.

These services are supported by AIS's Client Services Team 24 hours a day, 7 days a week, and 365 days a year. The key support services include:

- Help desk for system users
- Infrastructure support
- Datacenter operations and performance monitoring
- Physical security administration and auditing
- Incident management
- Change management
- Maintenance and support of the security system and necessary back-ups and offline storage

6. Data

AIS does not have access to any user entity data. AIS solely provides collocation services such as physical security controls to ensure that unauthorized personnel cannot access user entity devices that are stored within the AIS data center facilities.

B. COMPLEMENTARY USER ENTITY CONTROLS

AIS' Data Center System at all five data centers was designed with the assumption that additional controls would be implemented by the user entities. These controls should be in operation at user entities to complement AIS's controls. The complementary user entity controls presented below should not be regarded as a comprehensive list of all controls which should be employed by user entities:

- Implementation of sound and consistent internal controls regarding general IT system access, and system usage appropriateness for all internal user entity components associated with AIS.
- Timely removal of user accounts for any users who have been terminated and were previously involved in any material functions or activities associated with AIS data center products and services.
- Transactions for user entities relating to AIS data center products and services are appropriately authorized, and transactions are secure, timely, and complete.
- For user entities sending data to AIS, data must be protected by appropriate methods for ensuring confidentiality, privacy, integrity, availability, and nonrepudiation.
- User entities should implement controls requiring additional approval procedures for critical transactions relating to AIS data center products and services.
- User entities should report to AIS in a timely manner any material changes to their overall control environment that may adversely affect services being performed by AIS.
- User entities are responsible for notifying AIS in a timely manner of any changes to personnel directly involved with services performed by AIS. These personnel may be involved in financial, technical, or ancillary administrative functions directly associated with services provided by AIS.
- User entities are responsible for adhering to the terms and conditions stated within their contracts with AIS.
- User entities are responsible for developing and, if necessary, implementing a business continuity and disaster recovery plan that will aid in the continuation of services provided by AIS.


Security Controls What Works. Southside Virginia Community College: Security Awareness Security Controls What Works Southside Virginia Community College: Security Awareness Session Overview Identification of Information Security Drivers Identification of Regulations and Acts Introduction

More information

FormFire Application and IT Security. White Paper

FormFire Application and IT Security. White Paper FormFire Application and IT Security White Paper Contents Overview... 3 FormFire Corporate Security Policy... 3 Organizational Security... 3 Infrastructure and Security Team... 4 Application Development

More information

AL RAFEE ENTERPRISES Solutions & Expertise.

AL RAFEE ENTERPRISES Solutions & Expertise. AL RAFEE ENTERPRISES Solutions & Expertise. Virtualization Al Rafee has strategically made substantial investment in building up a large end to end portfolio of Virtualization across the entire IT infrastructure

More information

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

CounselorMax and ORS Managed Hosting RFP 15-NW-0016 CounselorMax and ORS Managed Hosting RFP 15-NW-0016 Posting Date 4/22/2015 Proposal submission deadline 5/15/2015, 5:00 PM ET Purpose of the RFP NeighborWorks America has a requirement for managed hosting

More information

Information Security Handbook

Information Security Handbook Information Security Handbook Adopted 6/4/14 Page 0 Page 1 1. Introduction... 5 1.1. Executive Summary... 5 1.2. Governance... 5 1.3. Scope and Application... 5 1.4. Biennial Review... 5 2. Definitions...

More information

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales

SMS. Cloud Computing. Systems Management Specialists. Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales SMS Systems Management Specialists Cloud Computing Grupo SMS www.grupo-sms.com 949.223.9240 option 3 for sales Cloud Computing The SMS Model: Cloud computing is a model for enabling ubiquitous, convenient,

More information

What is the Cloud, and why should it matter?

What is the Cloud, and why should it matter? 391 12 What is the Cloud, and why should it matter? 23 Everyone seems to be asking about it. No one seems to know exactly what it is, what they need, and where to find it. 4 A Philosophy of Design and

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2014-05 July 25, 2014 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope and Testing

More information

SECURITY AND EXTERNAL SERVICE PROVIDERS

SECURITY AND EXTERNAL SERVICE PROVIDERS SECURITY AND EXTERNAL SERVICE PROVIDERS How to ensure regulatory compliance and manage risks with Service Organization Control (SOC) Reports Jorge Rey, CISA, CISM, CGEIT Director, Information Security

More information

ipatch System Manager - HIPAA Compliance

ipatch System Manager - HIPAA Compliance SYSTIMAX Solutions ipatch System Manager - HIPAA Compliance White Paper July 2008 www.commscope.com Overview Health plans, healthcare clearinghouses, healthcare providers including Medicare/ Medicaid agencies

More information

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

INTERNATIONAL AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS INTERNATIONAL PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective) CONTENTS Paragraph Introduction... 1 5 Skills and Knowledge... 6 7 Knowledge

More information

Understanding changes to the Trust Services Principles for SOC 2 reporting

Understanding changes to the Trust Services Principles for SOC 2 reporting Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Understanding changes to the Trust Services Principles for SOC 2 reporting

More information

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard

Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard Information Systems Audit and Controls Association Service Organization Control (SOC) Reports Focus on SOC 2 Reporting Standard February 4, 2014 Tom Haberman, Principal, Deloitte & Touche LLP Reema Singh,

More information

REQUEST FOR PROPOSALS INFORMATION TECHNOLOGY SUPPORT SERVICES. Bid Packets are Due:

REQUEST FOR PROPOSALS INFORMATION TECHNOLOGY SUPPORT SERVICES. Bid Packets are Due: REQUEST FOR PROPOSALS INFORMATION TECHNOLOGY SUPPORT SERVICES Issue Date: Friday, March 15 th, 2013 Closing Date: Monday, April 15 th, 2013 University City District is requesting proposals from qualified,

More information

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM

AUSTIN INDEPENDENT SCHOOL DISTRICT INTERNAL AUDIT DEPARTMENT TRANSPORTATION AUDIT PROGRAM GENERAL: The Technology department is responsible for the managing of electronic devices and software for the District, as well as the Help Desk for resolution of employee-created help tickets. The subgroups

More information

Prepared by: OIC OF SOUTH FLORIDA. May 2013

Prepared by: OIC OF SOUTH FLORIDA. May 2013 OIC OF SOUTH FLORIDA REQUEST FOR PROPOSAL INFORMATION TECHNOLOGY SUPPORT SERVICES Proposals will be received by OIC of South Florida for Information Technology Support Services. Interested vendors should

More information

Validating Cloud. June 2012 Merry Danley

Validating Cloud. June 2012 Merry Danley Validating Cloud June 2012 Merry Danley Agenda Validation of Cloud Introduction Environments Definitions Manage Risk by Designation of Systems Why Go Cloud Success Dependencies Validation Personal Experience

More information

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS

SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS SOC on Amazon Web Services (AWS) What You Need To Know Understanding the regulatory roadmap for SOC on AWS Jeff Cook November 2015 Summary Service Organization Control (SOC) reports (formerly SAS 70 or

More information

San Francisco Chapter. Information Systems Operations

San Francisco Chapter. Information Systems Operations Information Systems Operations Overview Operations as a part of General Computer Controls Key Areas of focus within Information Systems Operations Key operational risks Controls generally associated with

More information

Secure, Compliant and Flexible Cloud Services

Secure, Compliant and Flexible Cloud Services www.ricohidc.com Secure, Compliant and Flexible Cloud Services Key to continuous success is EVOLUTION RICOH CLOUD SERVICES - Next Generation Cloud Services Our ISO 27001 certified datacenters provide wide

More information

Designing and Deploying Cloud Solutions for Small and Medium Business

Designing and Deploying Cloud Solutions for Small and Medium Business Designing and Deploying Cloud Solutions for Small and Medium Business HPATA Cloud Study Guide Rev 1.1 Table of Contents 1.1 Describe and recognize common virtualization technologies and products and their

More information

CHIS, Inc. Privacy General Guidelines

CHIS, Inc. Privacy General Guidelines CHIS, Inc. and HIPAA CHIS, Inc. provides services to healthcare facilities and uses certain protected health information (PHI) in connection with performing these services. Therefore, CHIS, Inc. is classified

More information

DATA CENTER OPERATIONS

DATA CENTER OPERATIONS REPORT NO. 2015-101 FEBRUARY 2015 FLORIDA STATE UNIVERSITY NORTHWEST REGIONAL DATA CENTER DATA CENTER OPERATIONS Information Technology Operational Audit EXECUTIVE DIRECTOR OF THE NORTHWEST REGIONAL DATA

More information

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE Please provide all relevant documents responsive to the information requests listed within each area below. In addition to the specific documents requested,

More information

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs

More information

jsecrm Corporate Edition

jsecrm Corporate Edition PIN No: P051163256V VAT No: 0140295M J.S. ENGINE LIMITED P.O. Box 39501 00623 NAIROBI, KENYA TEL: +254 20 3741872 FAX: +254 20 3741889 MOBILE: +254 725 990660 E MAIL: info@jsengine.net WEB: www.jsengine.net

More information

data center - why choose a data center facility

data center - why choose a data center facility data center - why choose a data center facility Do you have the highest levels of security, redundancy, reliability, infrastructure and technical expertise necessary to operate your Internet operations?

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS SRI LANKA AUDITING PRACTICE STATEMENT 1013 ELECTRONIC COMMERCE EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (This Statement is effective for all the audits commencing on or after 01 April 2010) CONTENTS

More information

Information Technology Security Procedures

Information Technology Security Procedures Information Technology Security Procedures Prepared By: Paul Athaide Date Prepared: Dec 1, 2010 Revised By: Paul Athaide Date Revised: September 20, 2012 Version 1.2 Contents 1. Policy Procedures... 3

More information

SERVIA CLOUD DATA CENTRE SOLUTIONS. Infrastructure as a Service, Virtual Disaster Recovery, Off-site Backup and Desktop as a Service

SERVIA CLOUD DATA CENTRE SOLUTIONS. Infrastructure as a Service, Virtual Disaster Recovery, Off-site Backup and Desktop as a Service SERVIA CLOUD DATA CENTRE SOLUTIONS Infrastructure as a Service, Virtual Disaster Recovery, Off-site Backup and Desktop as a Service PROTECTING YOUR CRITICAL DATA AND APPLICATIONS Data is now at the core

More information

Storage Guardian Remote Backup Restore and Archive Services

Storage Guardian Remote Backup Restore and Archive Services Storage Guardian Remote Backup Restore and Archive Services Storage Guardian is the unique alternative to traditional backup methods, replacing conventional tapebased backup systems with a fully automated,

More information

Keyfort Cloud Services (KCS)

Keyfort Cloud Services (KCS) Keyfort Cloud Services (KCS) Data Location, Security & Privacy 1. Executive Summary The purposes of this document is to provide a common understanding of the data location, security, privacy, resiliency

More information

Quinsigamond Community College Computing Environment

Quinsigamond Community College Computing Environment Quinsigamond Community College Computing Environment Technology Lifecycle: To ensure technologically current access to information resources, the College employs a Build Forward approach to replacing Desktop

More information

First Federal Corporation Gaithersburg, MD 20878 Office: 301-548-1500 Toll Free: 888-735-3500 Fax: 301-548-0682 www.ffederal.com

First Federal Corporation Gaithersburg, MD 20878 Office: 301-548-1500 Toll Free: 888-735-3500 Fax: 301-548-0682 www.ffederal.com First Federal Corporation Gaithersburg, MD 20878 Office: 301-548-1500 Toll Free: 888-735-3500 Fax: 301-548-0682 www.ffederal.com ~ A Recovery Point Company ~ 2013 Recovery Point Systems Inc. All rights

More information

Microsoft s Compliance Framework for Online Services

Microsoft s Compliance Framework for Online Services Microsoft s Compliance Framework for Online Services Online Services Security and Compliance Executive summary Contents Executive summary 1 The changing landscape for online services compliance 4 How Microsoft

More information

SAS No. 70, Service Organizations

SAS No. 70, Service Organizations SAS No. 70, Service Organizations A standard for reporting on a service organization s controls affecting user entities' financial statements. Only for use by service organization management, existing

More information

Independent Accountants Report

Independent Accountants Report KPMG LLP 345 Park Avenue New York, NY 10154-0102 Independent Accountants Report To the Management of Unisys Corporation: We have examined the assertion by the management of Unisys Corporation (Unisys)

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Information Technology Internal Audit Report

Information Technology Internal Audit Report Information Technology Internal Audit Report Report #2013-03 August 9, 2013 Table of Contents Page Executive Summary... 3 Background Information... 4 Background... 4 Audit Objectives... 4 Scope... 5 Testing

More information

Proactive. Professional. IT Support and Remote Network Monitoring.

Proactive. Professional. IT Support and Remote Network Monitoring. Proactive. Professional. IT Support and Remote Network Monitoring. Watching Your Greatest Asset with the Latest Technology. Focus on your Business. We ll focus on your IT. Recent business trends coupled

More information

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations kpmg.com b Section or Brochure name Effectively using SOC 1, SOC 2, and SOC 3 reports for increased

More information

REQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES

REQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES Isothermal Planning & Development Commission (IPDC) REQUEST FOR PROPOSAL-INFORMATION TECHNOLOGY SUPPORT SERVICES Proposals will be received by the IPDC for Information Technology Support Services. Interested

More information

III. Services Required The following details the services to be provided to the Town of North Haven in the area of information services:

III. Services Required The following details the services to be provided to the Town of North Haven in the area of information services: TOWN OF NORTH HAVEN REQUEST FOR PROPOSALS INFORMATION TECHNOLOGY NETWORK SUPPORT SERVICES Issue Date: March 7, 2016 Due Date: 10:00 AM, Monday, March 28, 2016 I. Introduction The Town of North Haven is

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke

Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Business Continuity Planning Principles and Best Practices Tom Hinkel and Zach Duke Agenda Key components essential to a FFIEC compliant Business Continuity Plan Recovery Time Objectives & Recovery Point

More information

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive.

This document and the information contained herein are the property of Bowman Systems L.L.C. and should be considered business sensitive. SERVICEPOINT SECURING CLIENT DATA This document and the information contained herein are the property of and should be considered business sensitive. Copyright 2006 333 Texas Street Suite 300 Shreveport,

More information

City of Dublin Education & Training Board. Programme Module for. Information Technology Administration. leading to. Level 6 QQI

City of Dublin Education & Training Board. Programme Module for. Information Technology Administration. leading to. Level 6 QQI City of Dublin Education & Training Board Programme Module for Information Technology Administration leading to Level 6 QQI Version 3 1 Introduction This programme module may be delivered as a standalone

More information

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations

Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Can SaaS be your strategic advantage in building software? Presented by: Paul Gatty, Director of World Wide Operations Topics What is SaaS? How does SaaS differ from managed hosting? Advantages of SaaS

More information