Webtrends Inc. Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security




Webtrends Inc.
Service Organization Controls (SOC) 3 SM Report on the SaaS Solutions Services System Relevant to Security
For the Period January 1, 2015 through June 30, 2015

SOC 3 is a service mark of the American Institute of Certified Public Accountants.

KPMG LLP
Suite 2900
1918 Eighth Avenue
Seattle, WA 98101

Independent Service Auditors' Report

The Board of Directors of Webtrends Inc.:

We have examined management's assertion that during the period January 1, 2015 through June 30, 2015, Webtrends Inc. ("Webtrends") maintained effective controls over the SaaS Solutions Services system to provide reasonable assurance that the system was protected against unauthorized access (both physical and logical) based on the AICPA and CPA Canada trust services security criteria set forth in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids). Webtrends' management is responsible for this assertion. Our responsibility is to express an opinion based on our examination.

Management's description of the aspects of the SaaS Solutions Services system covered by its assertion is attached. We did not examine this description, and accordingly, we do not express an opinion on it.

Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of Webtrends' relevant controls over the security of SaaS Solutions Services system; (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion.

Because of the nature and inherent limitations of controls, Webtrends' ability to meet the aforementioned criteria may be affected. For example, controls may not prevent or detect and correct error or fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions.

In our opinion, management's assertion referred to above is fairly stated, in all material respects, based on the AICPA and CPA Canada trust services security criteria.

August 27, 2015
Seattle, Washington

KPMG LLP is a Delaware limited liability partnership, the U.S. member firm of KPMG International Cooperative ("KPMG International"), a Swiss entity.

Webtrends Inc. SaaS Services System Description

Overview of Company and Services

Webtrends Inc, doing business as Webtrends, a Delaware limited liability company (Company), has operated continuously in Portland, OR since 1993. Webtrends pioneered Software as a Service (SaaS) Analytics in 1999. Since 2005, the Company has been owned by Francisco Partners. In 2008 the Company further expanded its SaaS offerings by acquiring Widemile Inc., for its Optimize solution.

Webtrends offers a portfolio of digital solutions that help brands understand consumer behaviors and enable them to act on those insights in the very moment they need to act. Utilizing advanced big data analytics, Webtrends solutions provide a consistent customer experience across all digital channels on any device the customer uses, helping brands remain connected and relevant to their customers, increase productivity and maximize yield on investments.

The scope of the report encompasses Webtrends Optimize, Webtrends Streams, Action Center, Data Collection API (DCAPI), Streaming API (SAPI), and Streaming Collection Service (SCS) ("the System").

- Webtrends Optimize is an application that provides the ability to test online content in order to optimize the online experience throughout the customer journey.
- Webtrends Streams is an application that provides real-time exploration, segmentation and visualization of online behaviors and enables the delivery of such data via SAPI (see below).
- Webtrends Action Center is an application that enables the integration of in-session, customer-level Web data with 3rd party action systems.
- DCAPI is a Data Collection API that provides an alternative to JavaScript/image request collection by
- SAPI is a Streaming API that delivers event and/or individual-level data in JSON format, enabling integration with other applications.
- SCS provides streaming data collection of online behaviors for use within the Webtrends applications.

This report covers the SaaS solutions described above and the suitability of the design of controls to meet the criteria for the security principles defined in the Trust Services Principles (TSP) section 100 covering the period from January 1, 2015 through June 30, 2015.

The System is composed of the following five aspects:

- Infrastructure, including facilities, equipment and networks.
- Software, including operating systems, databases, utilities and proprietary applications.
- People, including managers, operators, users and developers and other Webtrends employees.
- Procedures, both automated and manual.
- Client data, both in transit and at rest.

Infrastructure

Webtrends SaaS Operations personnel operate, manage, monitor and maintain the System from the SaaS Operations Center or remotely over secure VPN for on-call activities. Core systems are developed, operated and maintained by Webtrends.

Webtrends leverages third party colocation services for the System and, additionally, third party Infrastructure as a Service (IaaS) services for portions of the Optimize solution. Supporting functions performed by these providers are monitored by Webtrends through the review of SOC reports and other means.

The System employs a hybrid cloud deployment model with virtualized resources. The infrastructure is divided into multiple, geographically dispersed colocation facilities. These facilities are located in Hillsboro, OR; Las Vegas, NV; Ashburn, VA; Amsterdam, NL; Sydney, AU; and Tokyo, JP.

Software

Webtrends SaaS Solutions use a mix of Microsoft Windows and Linux physical and virtualized servers as platforms for its proprietary data collection, content optimization, and data processing and reporting applications. Webtrends employs commercial and open source third party solutions for network monitoring, audit log aggregation, configuration management, etc. All network access is managed through Active Directory authentication and authorization.

People

Webtrends SaaS Operations is responsible for support of the System. Only authorized personnel can administer systems or perform security management and operational functions.

Webtrends performs background checks, including criminal checks and education and employment reports, for all employees upon hire. Information security responsibilities are documented and all employees must sign as part of their onboarding. General Information Security training is provided to all new employees as part of their onboarding. A compulsory annual security and privacy training requirement ensures employees refresh their knowledge and understanding. Additional security training is provided to employees who handle client data.

Procedures

All key repeatable processes and security checks in SaaS Operations are either documented in procedures or implemented as automation scripts, including:

- Access Control
- Change Management
- Logging & Monitoring
- Technical Vulnerability Management (including anti-malware, configuration and patching)
- Security Incident Response

Data

All data collected by Webtrends on behalf of its clients is the property of the respective clients and classified as highly confidential under the Webtrends Information Classification policy, which provides employees with the necessary guidance for information handling.