SaaS Security

 

IntelliSoft Group delivers its Software as a Service (SaaS) offer through an independently audited, secure collocation data facility. Several controls are in place to ensure a secure operating environment, service continuity and availability. IntelliSoft makes available information about these controls on a general basis only as specific descriptions of these controls would potentially present security risks through their disclosure.

 

 

Statement on Auditing Standards No. 70

Service Organizations - SAS 70 Type II Certification

 

IntelliSoft's collocation facility is SAS 70 II certified. SAS 70 is available in full-text by permission of the AICPA. SAS 70 is an auditing statement issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA) with its content codified as AU 324. SAS 70 provides guidance to service auditors when assessing the internal controls of a service organization and issuing a service auditor's report. SAS 70 also provides guidance to auditors of financial statements of an entity that uses one or more service organizations. Service organizations covered include hosted data centers and application service providers (ASPs).

There are two types of service auditor reports. A Type I service auditor's report includes the service auditor's opinion on the fairness of the presentation of the service organization's description of controls that had been placed in operation and the suitability of the design of the controls to achieve the specified control objectives.

A Type II service auditor's report includes the information contained in a Type I service auditor's report and also includes the service auditor's opinion on whether the specific controls were operating effectively during the period under review.

 

 

Physical Security

 

An independent audit has confirmed that control activities in place provide reasonable assurance that the design, maintenance and operation of security systems are sufficient to secure the premise.

A third party security company is engaged to monitor physical security 24 X 7 X 365 and both a magnetic badge and biometric access system are utilized to control access to and within the collocation facility. Controls are in place to remove access privileges for terminated employees, or when access is not required for an existing employee. A physical inventory process is utilized to track access sensitive equipment. A network video recorder camera system is used to monitor activity in and around the facility. A general alarm system is used throughout the collocation facility as are man-traps.

 

 

Internet and Information System Security

 

IntelliSoft Group deploys and manages hardware and software security controls through organic personnel and third parties. The internet and information system security risk is dynamic, so IntelliSoft changes the security technologies it uses from time to time.

Additionally, IntelliSoft Group personnel follow security policies and procedures and have restricted access to customer data via remote link.

 

 

Collocation Infrastructure

 

The collocation infrastructure supports a high availability and continuity environment. The data center offers diverse fiber points of entry. IntelliSoft has direct access to 20+ onsite carriers and service providers as well 100+ via the facility's Any2 Northeast Internet exchange.

The site contains robust primary and emergency power, and onsite technical staff to monitor and support the infrastructure. All components are concurrently maintainable.

Five (5) 300-ton modular chillers, 450 tons of air conditioning, maintain constant temperature and humidity. The site contains anti-static 24-inch raised flooring with designated power runs and cooled air delivery. The environmental data center's monitoring is tied to ALC. The site uses isolated return-air ceiling plenum.

The property is easily accessible via major thoroughfares to maintenance crews and emergency services crews.