SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013



Similar documents
CoreSite A Carlyle Company. 70 Innerbelt Colocation Services

Presentations, One Summer Street UPS/ Generator Power and Boston Data Center Facility Overview. GridSolar, LLC

Service Organization Control (SOC 3) Report on a Description of the Data Center Colocation System Relevant to Security and Availability

SWAP EXECUTION FACILITY OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

SOC 2 Report Seattle, WA (SEF)

UCS Level 2 Report Issued to

DESIGNATED CONTRACT MARKET OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

OPERATIONAL CAPABILITY TECHNOLOGY QUESTIONNAIRE

VOLICO. Colocation Hosting. Enterprise Hosting Solutions

White paper. SAS Solutions OnDemand Hosting Overview

SOC 3 SYSTRUST FOR SERVICE ORGANIZATIONS REPORT

System Description of the Date Center System Relevant to Security and Availability (SOC 3) November 1, 2011 through April 30, 2012

SITECATALYST SECURITY

Report on FTHC, LLC d/b/a Miami Data Vault s Description of its Data Center System and on the Suitability of the Design and Operating Effectiveness

Retention & Destruction

Report of Independent Accountants. To the Management of Verizon Communications Inc. Verizon Business IP Application Hosting:

san francisco//usa data center specifications tel: fax: internet + intellectual property + intelligence

CHICAGO S PREMIERE DATA CENTER

hong kong//china data center specifications tel: fax: internet + intellectual property + intelligence

Independent Service Auditors Report

Powering the Cloud Desktop: OS33 Data Centers

Fax

SECTION I: REPORT OF INDEPENDENT SERVICE AUDITORS... 3 SECTION II: MANAGEMENT OF INTERNAP NETWORK SERVICES CORPORATION'S ASSERTION 5

Understanding Sage CRM Cloud

Report of Independent Auditors

7QUESTIONSYOUNEEDTOASKBEFORE CHOOSINGACOLOCATIONFACILITY FORYOURBUSINESS

DATA CENTRE DATA CENTRE MAY 2015

vcloud SERVICE Virtual Tech in partnership with Equinix - vcloud Service

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Data Centre Stockholm II, Sweden Flexible, advanced and efficient by design.

Colocation. Scalable Solutions for a Shared IT Infrastructure. Enterprise. Colocation

MOVING INTO THE DATA CENTRE: BEST PRACTICES FOR SUCCESSFUL COLOCATION

LEVEL 3 DATA CENTER SERVICES IN OMAHA, NEBRASKA HIGH AVAILABILITY ENTERPRISE COMPUTING BUSINESS DEMANDS IT. LEVEL 3 DELIVERS IT.

AT&T Internet Data Center Site Specification - Phoenix Area (Mesa, AZ)

Data Centre Barrie, Ontario

Description of the Administration of Verizon Terremark Colocation Services Relevant to Security and Availability

Datacenter Assessment

Service Organization Control 1 Type II Report

Why All Data Centers are Not Created Equal

REVIEWED ICT DATA CENTRE PHYSICAL ACCESS AND ENVIROMENTAL CONTROL POLICY

Security Whitepaper: ivvy Products

Level I - Public. Technical Portfolio. Revised: July 2015

Colocation. Scalable Solutions for Shared IT Infrastructure. Enterprise. Colocation

Data Center Solutions

Data Centre Infrastructure

Brochure Achieving security with cloud data protection. Autonomy LiveVault

Data Center Infrastructure & Managed Services Outline

Tier IV Enterprise - Class Data Center

Hosted Testing and Grading

Data Center Presentation

DATA CENTRE DATA CENTRE

AT&T Internet Data Center Site Specification Chicago Area (Lisle, IL)

How To Visit An Internet Data Center

StratusLIVE for Fundraisers Cloud Operations

Service Organization Control 3 Report

AT&T Internet Data Center Site Specification San Diego Koll (San Diego, CA)

South Asia s First Uptime Institute Certified TIER-IV IDC in Mumbai delivering % guaranteed uptime

SOC 1 (SSAE NO. 16) TYPE 2 REPORT ON CONTROLS PLACED IN OPERATION FOR DATA CENTER SERVICES BROADRIVER INC. AUGUST 1, 2014 TO JULY 31, 2015

Datacentre Studley. Dedicated managed environment for mission critical services. Six Degrees Group

INDEPENDENT PRACTITIONER S TRUST SERVICES REPORT LIQUID WEB, INC.

ISOMEDIA COLOCATION

National Aluminium Co. Ltd.

OCDC. OMNIconnect Data Centre.

NeuStar Ultra Services Physical Security Overview

Network Router Monitoring & Management Services

DATACENTER COLOCATION. Flexible, Secure and Connected

Frankfurt Data Centre Overview

Data Center Checklist

AT&T Internet Data Center Site Specification New York III (Secaucus, NJ)

REQUEST FOR PROPOSALS PINE CREST DEVELOPMENT CORPORATION COLOCATION DATA CENTER OPERATOR

Evaluating Datacenter Colocation

Experience Matters...

Data Center Build vs. Buy

Contents Error! Bookmark not defined. Error! Bookmark not defined. Error! Bookmark not defined.

Private Clouds & Hosted IT Solutions

MARULENG LOCAL MUNICIPALITY

19 Site Location, Design and Attributes. Site Location, Design and Attributes

Managed Hosting & Datacentre PCI DSS v2.0 Obligations

Perceptive Software Platform Services

LDeX Group. Colocation Solutions for High Expectations

Data Center Overview Document

Colocation, Hot Seat Services, Disaster Recovery Services, Secure and Controlled Environment

Colocation. Introduction. Structure of the service. Service Description

melbourne//australia data center specifications internet + intellectual property + intelligence tel: fax:

POWERING A CONNECTED ASIA. Pacnet Hong Kong CloudSpace1 Technical Specifications. Asia s Pioneering Facility with Direct Subsea Cable Access

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Tom J. Hull & Company Type 1 SSAE

Security & Infra-Structure Overview

Pacnet Hong Kong CloudSpace2 Technical Specifications. Upholding the Principles of Efficiency and Sustainability in Data Center Design

AT&T Internet Data Center Site Specification Washington-DC Area (Ashburn, VA)

Transcription:

SYSTRUST CERTIFICATION REPORT FOR COLLOCATION AND DATA CENTER HOSTING SERVICES FOR THE PERIOD FROM JANUARY 1, 2013 TO DECEMBER 31, 2013

TABLE OF CONTENTS SECTION I: INDEPENDENT PRACTITIONERS TRUST SERVICES REPORT PROVIDED BY MARCUM LLP 2 SECTION II: MANAGEMENT OF SERVICE ORGANIZATION S ASSERTION 4 SECTION III: SYSTEMS DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY 6

SECTION I: Independent Practitioners Trust Services Report Provided by Marcum LLP P AGE 1

INDEPENDENI NT PRACTITIONERS TRUST SERVICESS REPORT To the Management of Markley Group, Inc.: We have examined management s assertion that during the period January 1, 2013 to December 31, 2013, Markley Group, Inc. ( Markley ) maintained effective controls over the collocation and data center hosting services based on the AICPA and CICA Trust Services Availability and Security Criteria to provide reasonable assurance that: The collocation and data center hosting services environment wass protected against unauthorized physical and logical access; The collocation and data center hosting services environment was available for operation and use as committed or agreed; based on the AICPA and CICA trust services availability and security. Markley management is responsible for this assertion. Our responsibility is to expresss an opinion based on our examination. Management s description of the aspects of the collocation and data center hosting services covered by its assertion is attached. We did not examine this description, and accordingly, we do not express an opinion on it. Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of Markley s relevant controls over availability and security, (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion. Because of the nature and inherent limitations in controls, Markley Group s ability to meet the aforementioned criteria may be affected. For example, controls may not prevent or detect and correct error or fraud, unauthorized accesss to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of anyy conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions. In our opinion, Markley management s assertion referred to above is fairly stated, in all material respects, based on the AICPA/CICA Trust Services Criteria for Availability and Security. The SysTrust seal on Markley s website constitutes a symbolic representation of the contents of this report and it is not intended, nor should it be construed, to update this report or provide any additional assurance. Boston, Massachusetts s March 31, 2014 P A G E 2

SECTION II: Management of Markley Group, Inc. Service Organization s Assertion P AGE 3

SYSTEM DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY SECTION III: SYSTEM DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY P AGE 5

SYSTEM DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY MARKLEY GROUP OVERVIEW Markley Group specializes in the development and operation of mission critical facilities and has developed thirteen data center and telecom buildings throughout North America and Europe. In the years between 1992 and the present, Markley Group completed more than 500 telecom/data center transactions, amassed a 2.2 million square foot portfolio of buildings in cities including Boston, Chicago, Miami, Las Vegas, San Francisco, Toronto, Paris, Marseille, Geneva, Milan and Frankfurt. In 1998, Markley Group acquired the One Summer Street, Boston, Massachusetts property for its strategic location in Boston s Downtown Crossing area. The 800,000 square foot building sits adjacent to major confluence of subway lines which serves as the intersection of all major fiber loops in the Boston area. In addition to the location, the buildings structure was ideally suited for data center and telecommunications use. The masonry block construction, steel frame and poured concrete floors suited the needs for strength, weather resistance, fire resistance, loading capacity and security. Since acquiring the property, Markley Group has invested more than $100 million into the property developing it into a preeminent, master-planned data center and telecom facility. As part of the development of the facilities, Markley Group invested heavily in collocation, interconnection and managed services. The building began offering collocation space and limited managed services in 2001. Since that time, Markley Group has expanded to fourteen active data centers with two more in development to accommodate the growth in collocation clientele. The neutral collocation facility features Necessary plus 1 (N+1) infrastructure redundancy throughout the facility, multiple fiber paths, multiple power grids, and 24-hour manned security in addition to cameras, biometric access and fuel supply on site. Tenants can establish their data center and/or backup site, mirror site or disaster recovery site within the collocation facility and tenants have access to any of the more than 50 domestic and international carriers who provide IP transit. Markley Group provides services by three different means: cabinet space from as little as a single cabinet to as many cabinets or racks as required by the tenant(s), caged collocation space or entirely segregated space. Tenants also have the option to lease fully built out data center space in the facility and can either selfmanage or have Markley Group manage the equipment. Private, high-security suites range from 500 square feet to 60,000 square feet. Markley Group also offers a full range of operational managed services, including Systems Monitoring, Remote Hands, and Managed Move Migration Plans. INFRASTRUCTURE Markley Group has expanded to eleven active data centers with two more in development to accommodate the growth in collocation clientele. The neutral collocation facility features Necessary plus 1 (N+1) infrastructure redundancy throughout the facility, multiple fiber paths, and multiple power grids. P AGE 6

SYSTEM DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY PEOPLE Operations are under the direction of Senior Management, which consists of the CEO, Asset Manager, VP of Operations, SVP and General Counsel, CFO and Chief Infrastructure Manager of Markley Group. The organization employs a staff of approximately fifty (50) employees and is supported by the following functional areas: Asset Management Responsible for the building and leasing. Operations Responsibilities include data center management, customer service, security and bandwidth. Infrastructure Responsibilities include managing and maintaining infrastructure components (i.e., UPS, generators, cooling and maintenance) and construction. Sales and Marketing Responsibilities include development and sales. PROCEDURES Markley Group has implemented policies and procedures to support the operations and controls over its collocation and data center hosting services. Visitor and contractor access to the general facility as well as to sensitive areas is strictly controlled and all visitors have their identity and representation verified prior to entering the premises. Facility and systems alerts which are displayed in the Network Operations Center and emailed/text messaged to appropriate data center personnel are acted on according to well defined criteria and procedures. MONITORING Markley Group s management is responsible for monitoring the quality of internal control performance as routine part of its activities. Management meetings are held regularly as part of the monitoring function. A technical support team is available 24 hours per day, 7 days per week and responsible for monitoring overall network and collocation operations. This responsibility includes responding to network monitoring alerts, site access requests and other support requests initiated by the user organizations. Advanced monitoring systems are in place to monitor performance on the following components: Power Temperature and humidity Leak/water detection Fire detection and prevention systems Physical access Video surveillance The aforementioned monitoring systems are configured to automatically alert appropriate technicians via email or text message in the event specified thresholds are exceeded and monitored from the Network Operations Center. P AGE 7

SYSTEM DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY HIGH AVAILABILITY AND SECURE NETWORK DESIGN Physical Security Physical security policies and procedures are in place to guide employees activities for controlling physical access. Entrances to the collocation and data center hosting facility is locked 24 hours per day via proximity card/electronic proximity card readers and fingerprint biometric scanners. Access to the collocation data center hosting facility is granted to authorized and approved individuals. Access to the collocation data center hosting facility is revoked as a component of the employee termination process and/or upon user organization s notification for individuals termination of services. Access privileges are restricted by the physical security system to areas where user organization equipment is located. Customer equipment is physically secured via segregated locking cabinets and/or cages. New hires are approved by the VP of Operations or by the local manager who the employee reports to prior to access being granted. New Hires are subject to background checks which are performed by a third party. User access is terminated (deleted or disabled) on a timely basis after termination of employment. Password parameters and account lockout settings are configured to prevent unauthorized access to systems and data. Motion activated security cameras are located at entry points and various locations throughout the collocation facilities. Visitors are required to be escorted at all times by an individual authorized to access the collocation facilities. Security incidents are documented, researched, resolved and escalated in a timely manner. Regulatory changes are the responsibility of the Data Security Coordinator. Changes are assessed to determine the impact of external and internal risks to the business. Environmental Security The collocation and data center facility is equipped with fire detection and suppression systems which include the following: o Smoke detectors o Audible and visual fire alarms o Hand-held fire extinguishers o Pre-action fire suppression system o VESDA air sampling smoke detection system A third party vendor inspects the fire detection and suppression equipment on an annual basis. The collocation and data center hosting facility is equipped with redundant heating, ventilating and air conditioning (HVAC) equipment. P AGE 8

SYSTEM DESCRIPTION OF COLLOCATION AND DATA CENTER HOSTING SERVICES PROVIDED BY The collocation and data center hosting facility is equipped with uninterruptible power supply (UPS) systems and on-site diesel generators. The collocation and data center hosting facility is equipped with redundant utility supplies from diverse power grids. The collocation and data center hosting facility is equipped with water detection devices and/or raised floors. CHANGE MANAGEMENT Changes to the collocation infrastructure components (i.e., UPS, HVAC, fire suppression, monitoring devices) adhere to the infrastructure lifecycle policies and procedures that is in place at Markley. Below is an outline of the procedures that are in place to ensure changes to the system and system components are performed in a controlled and coordinated manner: Procedures exist to ensure that the design, development, implementation and operation of systems security and availability adhere to standard operating procedures. Procedures exist to maintain system components to ensure proper functionality. Procedures exist to provide that emergency changes are documented and authorized in a timely manner. Considerations for Users of the Accompanying SysTrust Examination Report The scope of the collocation system covered by this system description is limited to the security and availability of the supporting technology solutions above, which are managed by Markley Group. User organization infrastructure components, data transmissions (received/sent) and storage of transactional customer data on user organization s infrastructure is not in scope of this report. P AGE 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information