Service Organization Control 3 Report

Service Organization Control 3 Report

Description of Cbeyond Cloud Services IT Outsourcing Services relevant to Security and Availability

For the period January 1, 2011 through August 31, 2011, with the Independent Service Auditor's Report including Tests Performed and Results Thereof

Cbeyond Cloud Services (formerly MaximumASP) IT Outsourcing Services

TABLE OF CONTENTS

- Report of Cbeyond Cloud Services IT Outsourcing Services System based on the AICPA/CICA Trust Services Principles and Criteria for Security and Availability
- Report of Independent Accountants
- Cbeyond Cloud Services IT Outsourcing Services relevant to Security and Availability for the period January 1, 2011 through August 31, 2011

Report of Cbeyond Cloud Services controls over the IT Outsourcing Services System based on the AICPA/CICA Trust Services Principles and Criteria for Security and Availability

Cbeyond Cloud Services, an operating division of Cbeyond Communications, LLC, maintained effective controls over the security and availability of the IT Outsourcing Services system ("System") to provide reasonable assurance that:

- The System was protected against unauthorized access (both physical and logical); and
- The System was available for operation and use as committed or agreed

during the period January 1, 2011 through August 31, 2011, based on the AICPA/CICA Trust Services Security and Availability criteria.

Our Description of the System summarizes those aspects of the System covered by our assertion.

Cbeyond Cloud Services, March 27, 2012

Report of Independent Accountants

Ernst & Young LLP
Suite 1000, 55 Ivan Allen Jr. Boulevard, Atlanta, GA 30308
Tel: +1 404 874 8300
Fax: +1 404 817 5589
www.ey.com
A member firm of Ernst & Young Global Limited

To the Board of Directors of Cbeyond, Inc.

We have examined management's assertion that Cbeyond Cloud Services, an operating division of Cbeyond Communications LLC, during the period January 1, 2011 through August 31, 2011, maintained effective controls to provide reasonable assurance that:

- Cbeyond Cloud Services IT Outsourcing System was protected against unauthorized access (both physical and logical); and
- Cbeyond Cloud Services IT Outsourcing System was available for operation and use as committed or agreed

based on the AICPA/CICA Trust Services Security and Availability criteria (applicable trust services criteria).

Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included: (1) obtaining an understanding of Cbeyond Cloud Services' relevant security and availability controls; (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion.

Because of inherent limitations in controls, error or fraud may occur and not be detected. Furthermore, the projection of any conclusions, based on our findings, to future periods is subject to the risk that the validity of such conclusions may be altered because of changes made to the system or controls, the failure to make needed changes to the system or controls or deterioration in the degree of effectiveness of the controls.

In our opinion, Cbeyond Cloud Services' management assertion referred to above is fairly stated, in all material respects, based on the AICPA/CICA Trust Services Security and Availability criteria.

The SOC 3 SysTrust for Service Organization Seal on Cloud Services web site constitutes a symbolic representation of the contents of this report and it is not intended, nor should it be construed, to update this report or provide any additional assurance.

March 27, 2012
Atlanta, GA

Cbeyond Cloud Services IT Outsourcing Services relevant to Security and Availability for the period January 1, 2011 through August 31, 2011

Cbeyond Cloud Services Overview

Cbeyond Cloud Services, an operating division of Cbeyond Communications LLC ("Cloud Services" or "the company"), provides cloud computing, managed hosting and colocation services to organizations worldwide. These services are primarily provided from the data center facility in Louisville, Kentucky with secondary services provided from the data center facility located in Chicago, Illinois.

Types of services provided

Cbeyond Cloud Services provides the following services within the scope of this report; however, customers can choose which of these services to purchase or to inactivate portion(s) of a service. Therefore, users of this report are recommended to confirm via the control panel, an internally developed system that provides for order entry, service provisioning and billing of Cloud Services solutions, or with their Cbeyond account executive which services are included within their contract.

- Managed Dedicated Hosting
  o Dedicated Hosting and Private Cloud
  o Database administration
  o OS Patch Management
  o Managed Backups
  o Managed Intrusion Protection System (IPS)
  o Managed Load Balancing
  o Managed Firewalling & Virtual Private Network (VPN)
  o Database-as-a-Service
- Virtual Hosting
  o Cloud Computing (Sites and/or Servers)
  o Database administration
  o OS Patch Management
  o Managed Backups
  o Managed Intrusion Protection System (IPS)
  o Managed Load Balancing
  o Managed Virtual Firewalling
  o Database-as-a-Service
- Colocation services

Components of the system providing the defined services

Infrastructure

Services are provided to users using IT equipment located primarily in the Louisville data center facility with failover services provided from the secondary data center facility in Chicago. These services are provided using a range of platforms, including Dell servers, Compellent Storage Area Networks (SANs) and Juniper Networking Equipment.

Software

Cbeyond Cloud Services provides IT outsourcing services using the above hardware, which then supports a range of operating system and database software. These provide common or dedicated platforms that are maintained by Cbeyond Cloud Services. In addition, for certain customers that have contracted with Cbeyond Cloud Services to perform these services, Cbeyond Cloud Services will also provide server backups, managed dedicated firewalling and managed load-balancing.

People

Services are provided by the Cbeyond Cloud Services Network Operations, Security, Support, Sales, Billing, Retention, Product Development, Information Technology (IT), Facilities and Executive Management teams located in Louisville, Kentucky, Chicago, Illinois and Atlanta, Georgia. All teams are recruited and managed using Cbeyond's policies and procedures.

Procedures

All teams are expected to adhere to the Cbeyond Cloud Services policies that define how services should be delivered. These policies are located on the company's intranet and can be accessed by any Cbeyond Cloud Services team member.

Data

Customer data is held in accordance with the relevant data protection and other regulations, with any specific requirements being set out in the customer contract. This data is held in a range of database technologies.

Services covered by this report

The scope of this report includes the network, servers and core systems significant to the services provided to customers with primary servers hosted in the Louisville data center facility and failover servers hosted in the Chicago data center facility, where support is provided by Cbeyond Cloud Services teams based in these locations and also in Cbeyond's corporate facility in Atlanta. The services provided are those identified above. This includes servers in their originally deployed state utilizing Cbeyond Cloud Services standard images and any additional specifications requested by the customer.

Administrator-level access held by customers to their respective environment(s) is issued via email to the primary address associated with the customer account. It is a uniquely generated password that follows the Cloud Services standard for secure passwords (at least 8 characters, lower and uppercase letters, one number and one symbol). This must also be paired with the customer's account information to be used. In addition, although recommended, it is at the customer's discretion whether the uniquely generated initial password associated with the customer's user id is changed upon initial login.

Since Dedicated and Virtual customers have administrator-level access to most configurations and have the ability to perform logical security administration functions for their respective environments, any customer-initiated changes or modifications to servers, services (including anti-virus definitions) or logical access entitlements are excluded from the scope of this report.

Hypervisors are not used on dedicated servers unless enabled. Cloud Services requires that a customer be behind a dedicated firewall and on a customized network in order to implement a hypervisor. It is the customer's responsibility to maintain hypervisors where installed and this process is excluded from the scope of this report.

Since customers are assigned keys to the server racks in which their servers reside, any server maintenance activities initiated and performed by customers are excluded from the scope of this report.