Skip to main content

SysTrust Certification
IBM ISS has achieved four consecutive certifications of its security operations centers (SOCs) by Ernst & Young using the SysTrust Trust Services principles.
Up to Information security solutions
Executive brief
Related reports & papers

The SysTrust seal indicates that such principles have been examined by an independent auditing firm in conformity with the rigorous American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) Trust Services Principles & Criteria.

Ernst & Young has evaluated Internet Security Systems (ISS)' operational practices and controls and has issued a unqualified opinion regarding ISS' conformity with the appropriate Trust Services Principles.

Ernst & Young's engagement addressed three of the Trust Services principles and examined ISS management's assertion that ISS maintained effective controls over the availability, security and confidentiality of the Managed Services system to provide reasonable assurance that during the period October 1, 2007 through September 30, 2008:

  • The system was available for operation and use at times set forth in service-level statements or agreements
  • The system was protected against unauthorized physical and logical access
  • Information designated as confidential was protected as committed or agreed

What is SysTrust?
SysTrust was developed jointly by the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA).

A SysTrust engagement is performed by a licensed CPA to evaluate a system's reliability as measured against the SysTrust principles and criteria. The CPA performs tests to determine whether the system was available for operation and use at times set forth in service level statements or agreements. If the system meets the requirements of the Trust Services Principles and Criteria, an unqualified attestation report is issued.

What is an Attestation Report?
An attestation report is produced when an independent accountant is engaged to perform an examination and issues a written communication that expresses a conclusion about the reliability of a written assertion that is the responsibility of management.

Ernst & Young has issued an Independent Accountant's Report expressing a conclusion on ISS' written assertions, or Management's Report, over the security, availability and confidentiality of the Managed Services system.

Read ISS' SysTrust Report.


Related reports & papers

Datasheet for IBM Managed Intrusion Detection and Prevention Service
Datasheet for IBM Managed Security Services -- Virtual-Security Operations Center portal
Datasheet for IBM Penetration Testing
Datasheet for IBM X-Force Research and Development Team
Datasheet: IBM MSS intelligence analyst
Frequently Asked Questions for IBM X-Force Threat Analysis Service
IBM Managed Protection Services for Networks, Servers and Desktop Firewalls
IBM Vulnerability Management Service
Security Operations Centers
The IBM ISS advantage
Get Adobe® Reader®
Back to top

Printable version E-mail this page

We're here to help

Chat now
E-mail us

or call us at
1-800-IBM-7080
Mention 108AE08W


Subscription

Subscribe to IdeaWatch
Sign up to receive monthly e-mail updates, including IBM Institute for Business Value studies and other fresh thinking from our consultants

RSS feed from IBM
Get business and IT insights from IBM Global Services, delivered direct to you via RSS

Podcast series
Listen to our executive reports at work or on the go