Independent Service Auditors Report

Similar documents
System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012

Service Organization Control 3 Report

Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security

Report of Independent Accountants. To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting:

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

SOC 3 for Security and Availability

Independent Accountants Report

Independent Accountants Report

Service Organization Controls 3 Report

SOC 3 SYSTRUST FOR SERVICE ORGANIZATIONS REPORT

Ayla Networks, Inc. SOC 3 SysTrust 2015

SOC 3 for Security and Availability

Report of Independent Auditor

SOFTLAYER TECHNOLOGIES, INC.

THE FIRST UNIFIED DATABASE SECURITY SOLUTION. Product Overview Security. Auditing. Caching. Masking.

INDEPENDENT PRACTITIONER S TRUST SERVICES REPORT LIQUID WEB, INC.

The Internet Corporation for Assigned Names and Numbers (ICANN)

SRA International Managed Information Systems Internal Audit Report

Information for Management of a Service Organization

Tel: Fax: ey.com. Report of Independent Auditors

Effectively using SOC 1, SOC 2, and SOC 3 reports for increased assurance over outsourced operations. kpmg.com

University of Central Florida Class Specification Administrative and Professional. Information Security Officer

Report of Independent Auditors

Service Organization Controls 3 Report

UCS Level 2 Report Issued to

Cloud Computing An Auditor s Perspective

Service Organization Control (SOC 3) Report on a Description of the Data Center Colocation System Relevant to Security and Availability

Workshop 5051A: Monitoring and Troubleshooting Microsoft Exchange Server 2007

FINAL May Guideline on Security Systems for Safeguarding Customer Information

SERVICE SCHEDULE DEDICATED SERVER SERVICES

DON T BE A VICTIM! IS YOUR INVESTMENT PROGRAM PROTECTED FROM CYBERSECURITY THREATS?

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

Service Organization Controls 3 Report. Report on Hyland Software, Inc. s OnBase Online Cloud Platform, relevant to Security and Availability

Get what s right for your business. Technologies.

WEBTRUST FOR CERTIFICATION AUTHORITIES SSL BASELINE REQUIREMENTS AUDIT CRITERIA V.1.1 [Amended 1 ] CA/BROWSER FORUM

Reference Architecture: Enterprise Security For The Cloud

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

StratusLIVE for Fundraisers Cloud Operations

Security Controls What Works. Southside Virginia Community College: Security Awareness

Region 7 Education Service Center Request for Proposal (RFP) For Data Center services

Secure, Scalable and Reliable Cloud Analytics from FusionOps

SaaS Service Level Agreement (SLA)

White Paper How Noah Mobile uses Microsoft Azure Core Services

Service Organization Control (SOC) 3 Report

Table of Contents. Introduction. Audience. At Course Completion

Autodesk PLM 360 Security Whitepaper

Planning, Deploying and Managing Microsoft Project Server 2013

10 Things Your Data Center Backup Solution Should Do. Reliable, fast and easy backup is only the beginning

SERVICE SCHEDULE PUBLIC CLOUD SERVICES

GOVERNANCE AND SECURITY BEST PRACTICES FOR PAYMENT PROCESSORS

MANAGED HOSTING SERVICES

WEBTRUST SM/TM FOR CERTIFICATION AUTHORITIES EXTENDED VALIDATION AUDIT CRITERIA Version 1.1 CA/BROWSER FORUM

Microsoft Dynamics 2011: MS Installation and Deployment

Microsoft Dynamics CRM 2011 Installation and Deployment

Lumension Endpoint Management and Security Suite Patch and Remediation 7.0 Service Pack 1 Migration Guide

Performance Audit of the San Diego Convention Center s Information Technology Infrastructure JULY 2012

Securing Oracle E-Business Suite in the Cloud

BKDconnect Security Overview

DIR Contract Number DIR-TSO-2621 Appendix C Pricing Index

Installation and Deployment in Microsoft Dynamics CRM 2013

DON T BE A VICTIM! IS YOUR ORGANIZATION PROTECTED FROM CYBERSECURITY THREATS?

MS-55115: Planning, Deploying and Managing Microsoft Project Server 2013

Storage Guardian Remote Backup Restore and Archive Services

HP 3PAR Software Installation and Startup Service

SECTION I INDEPENDENT SERVICE AUDITOR S REPORT

SAS No. 70, Service Organizations

Security Policy for External Customers

I. EXECUTIVE SUMMARY. Date: June 30, Sabina Sitaru, Chief Innovation Officer, Metro Hartford Innovation Services

Cloud Computing for Small to Mid Size Businesses. Tech66, LLC William Burleson

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications

Outsource IT Services

Asset Manager Guide to SAS 70. Issue Date: October 7, Asset

SaaS Security for the Confirmit CustomerSat Software

CounselorMax and ORS Managed Hosting RFP 15-NW-0016

SAS 70 Type II Audits

HP 3PAR 7000 Software Installation and Startup Service

Client Security Risk Assessment Questionnaire

How To Secure An Rsa Authentication Agent

SERVICE ORGANIZATION CONTROL REPORTS SM. Formerly SAS 70 Reports

U.S. ELECTION ASSISTANCE COMMISSION OFFICE OF INSPECTOR GENERAL

Securing and Accelerating Databases In Minutes using GreenSQL

Managing internet security

City of Coral Gables

SERVICE SCHEDULE PULSANT ENTERPRISE CLOUD SERVICES

Toronto Public Library Disaster Recovery recommended safeguards and controls

Tom J. Hull & Company Type 1 SSAE

Transcription:

KPMG LLP Suite 1400 55 Second Street San Francisco, CA 94105 Independent Service Auditors Report The Board of Directors of GoDaddy.com, LLC: We have examined management's assertion that during the period July 1, 2012 to June 30, 2013, GoDaddy.com, LLC ( Go Daddy ) maintained effective controls over the Hosting Services system to provide reasonable assurance that the system was protected against unauthorized access (both physical and logical) based on the AICPA and CICA Trust Services security criteria. Go Daddy's management is responsible for this assertion. Our responsibility is to express an opinion based on our examination. Management's description of the aspects of the Hosting Services system covered by its assertion is attached. We did not examine this description, and accordingly, we do not express an opinion on it. Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of Go Daddy's relevant controls over the security of the Hosting Services system; (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. Because of the nature and inherent limitations of controls, Go Daddy's ability to meet the aforementioned criteria may be affected. For example, controls may not prevent or detect and correct error or fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions. In our opinion, management's assertion referred to above is fairly stated, in all material respects, based on the AICPA and CICA trust services security criteria. The SOC 3 seal on Go Daddy s Web site constitutes a symbolic representation of the contents of this report and it is not intended, nor should it be construed, to update this report or provide any additional assurance. August 8, 2013 San Francisco, California KPMG LLP is a Delaware limited liability partnership, the U.S. member firm of KPMG International Cooperative ( KPMG International ), a Swiss entity.

Management of GoDaddy.com, LLC s Assertion August 8, 2013 The management of GoDaddy.com, LLC, ( Go Daddy ) makes the following assertion pertaining to the Hosting Services System: Go Daddy maintained effective controls over the Hosting Services System, during the period July 1, 2012 through June 30, 2013, in Phoenix, AZ; Scottsdale, AZ; Mesa, AZ; Amsterdam, Netherlands; and Singapore based on the AICPA and CICA Trust Services security criteria to provide reasonable assurance that The system was protected against unauthorized access (both physical and logical) The attached description of the Hosting Services System identifies those aspects of the system covered by our assertion. GoDaddy.com, LLC. Blake Irving Chief Executive Officer

DESCRIPTION OF GO DADDY.COM, LLC S HOSTING SERVICES Background GoDaddy.com, LLC (Go Daddy), based in Scottsdale, Arizona, provides a broad range of internet business (e-business) related software and services. Go Daddy s hosting services refer to housing, maintaining, and providing internet service (bandwidth) to servers. Go Daddy offers the following hosting services: Web Hosting Servers - Dedicated and Virtual Dedicated Hosted Microsoft Exchange email services Go Daddy s hosting services are housed in data centers located at Phoenix, Arizona; Mesa, Arizona; Scottsdale, Arizona; Amsterdam, Netherlands; and Singapore as referenced in the table below. Data Center Buckeye Data Center in Phoenix, AZ K2 Data Center in Phoenix, AZ Mesa Data Center in Mesa, AZ Perimeter Data Center in Scottsdale, AZ Amsterdam Data Center in Amsterdam, Netherlands Singapore Data Center in Singapore Web Hosting Virtual Dedicated Servers Dedicated Servers Hosted Exchange Infrastructure Web Hosting houses multiple customers in a single server cluster (legacy customers may be housed on a single server). Through the Hosting Control Center (HCC), customers may access and manage their own content, including content stored on MySQL and MS SQL databases. Customers are also responsible for website setup and backups. Go Daddy manages system and hardware-level security and patching. Dedicated servers house a single customer per dedicated physical server. Initial configuration is performed through the Hosting Control Center (HCC). The customer controls system level access and is responsible for server setup, security, patching and backups. Go Daddy manages hardware-level security.

Virtual dedicated servers house several customer accounts on a single server. Each customer controls system level access to their virtual server environment. Customers are responsible for server setup, virtual server security and backups. Go Daddy manages hardware-level security and patching. Web Hosting, Dedicated Servers, and Virtual Dedicated Servers may be configured using Windows or Linux operating systems. Hosted Exchange provides customers with Microsoft Exchange mailboxes, contacts and calendars. Customers manage mailboxes using Hosted Exchange Control Center (HXCC). Go Daddy manages setup, system and hardware-security and patching. Firewalls protect the servers housed within the data center by service offering, and are configured in a high-availability mode. Intrusion detection systems (IDSs) are implemented throughout the network and are monitored by the Security Operations Center (SOC). The Go Daddy data centers are equipped with UPS, fire detection and suppression systems, backup generators, and HVAC Systems to protect systems from environmental threats. The Go Daddy collocation data centers are equipped with these environmental systems and a review by Go Daddy is performed to confirm the existence and operational status of these systems. Software HCC and HXCC are internally developed applications that are supported by Go Daddy s programming staff. HCC enables setup and management of Web Hosting, Dedicated Servers, and Virtual Dedicated Servers. HXCC enables setup and management of Hosted Exchange. Go Daddy hosting servers run on Microsoft Windows or Linux based operating system. Databases supporting the hosting servers run either MS SQL Server or MySQL. Microsoft Exchange servers run on the Microsoft Windows operations system, and databases supporting the Exchange servers run MS SQL Server. Parallels Virtuozzo and Bare Metal (PSBM) are used to create the virtualized server environments for Web Hosting and Virtual Dedicated Servers. People Go Daddy teams providing direct support to hosting customers consist of the following: Specialized inbound hosting support provides customer service and technical assistance Advanced hosting provides level two technical assistance for issues that cannot be resolved by inbound hosting support Hosting operations manages the hosted systems infrastructure and may provide level three technical assistance for issues related to hardware Hosting product development creates and supports hosting products and services and may provide level three technical assistance for issues related to software Additional functions within Go Daddy that indirectly support hosting include: Physical security is responsible for the safety of the buildings in which Go Daddy operates Critical Facilities is responsible for climate controls, fire suppression and power-related systems

Data center operations performs day-to-day operation of servers and related peripherals Security Operations Center (SOC) is responsible for security administration, intrusion detection, and security monitoring IT Operations Center (ITOC) maintains the communication environment and monitors the network Procedures The hosting services procedures covered by this system description include: Web and email customer account setup Information security and incident management Physical security Computer operations Change management Program development Go Daddy s procedures and controls are described in more detail in the sections that follow. Data Data, as defined for hosting services, constitutes account setup information. Account setup is processed online and provisioned through HCC or HXCC. These systems collect the data that Go Daddy is responsible for maintaining. For Web Hosting, Dedicated Servers, and Virtual Dedicated Servers, other data which is excluded from this report includes user content provided by Go Daddy s customers as well as applications installed by Go Daddy s customers. For Hosted Exchange, other data which is excluded from this report includes emails which are stored within the Microsoft Exchange servers.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information