
SysTrust Certification
IBM ISS has achieved four consecutive certifications of its security operations centers (SOCs) by Ernst & Young using the SysTrust Trust Services principles.
Executive brief

The SysTrust seal indicates that such principles have been examined by an independent auditing firm in conformity with the rigorous American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) Trust Services Principles & Criteria.

Ernst & Young has evaluated Internet Security Systems (ISS)' operational practices and controls and has issued an unqualified opinion regarding ISS' conformity with the appropriate Trust Services Principles.

Ernst & Young's engagement addressed three of the Trust Services principles and examined ISS management's assertion that ISS maintained effective controls over the availability, security and confidentiality of the Managed Services system to provide reasonable assurance that during the period October 1, 2007 through September 30, 2008:

  • The system was available for operation and use at times set forth in service-level statements or agreements
  • The system was protected against unauthorized physical and logical access
  • Information designated as confidential was protected as committed or agreed

What is SysTrust?
SysTrust was developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

A SysTrust engagement is performed by a licensed CPA to evaluate a system's reliability as measured against the SysTrust principles and criteria. The CPA performs tests to determine whether the system was available for operation and use at times set forth in service level statements or agreements. If the system meets the requirements of the Trust Services Principles and Criteria, an unqualified attestation report is issued.

What is an Attestation Report?
An attestation report is produced when an independent accountant is engaged to perform an examination and issues a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of management.

Ernst & Young has issued an Independent Accountant's Report expressing a conclusion on ISS' written assertions, or Management's Report, over the security, availability and confidentiality of the Managed Services system.

Read ISS' SysTrust Report.

