ABM Industries Incorporated


ABM Industries Incorporated

Report on ABM Industries Incorporated's Assertion about the Suitability of Design and Operating Effectiveness of its Controls Relevant to Security for its Primary IT Infrastructure System

SOC 3℠ Report

For the period January 1, 2015 to December 31, 2015

Table of Contents

Section I. Independent Service Auditor's Report
Section II. Management of ABM Industries Incorporated's Assertion
Section III. Description of ABM Industries Incorporated's Primary IT Infrastructure System
    Overview of Services Provided
    Company Background
    Scope of Report
    Infrastructure
    Software
    People
    Procedures
    Data

Section I Independent Service Auditor's Report

KPMG LLP
345 Park Avenue
New York, NY 10154-0102

The Board of Directors of ABM Industries Incorporated:

We have examined management's assertion that during the period January 1, 2015 through December 31, 2015, ABM Industries Incorporated ("ABM") maintained effective controls over ABM's Primary IT Infrastructure System to provide reasonable assurance that the system was protected against unauthorized access (both physical and logical) based on the AICPA and CPA Canada trust services security criteria set forth in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids). ABM's management is responsible for this assertion. Our responsibility is to express an opinion based on our examination.

Management's description of the aspects of ABM's Primary IT Infrastructure System covered by its assertion is attached. We did not examine this description, and accordingly, we do not express an opinion on it.

Our examination was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants and, accordingly, included (1) obtaining an understanding of ABM's relevant controls over the security of the ABM Industries Incorporated system; (2) testing and evaluating the operating effectiveness of the controls; and (3) performing such other procedures as we considered necessary in the circumstances. We believe that our examination provides a reasonable basis for our opinion.

Because of the nature and inherent limitations of controls, ABM's ability to meet the aforementioned criteria may be affected. For example, controls may not prevent or detect and correct error or fraud, unauthorized access to systems and information, or failure to comply with internal and external policies or requirements. Also, the projection of any conclusions based on our findings to future periods is subject to the risk that changes may alter the validity of such conclusions.

In our opinion, management's assertion referred to above is fairly stated, in all material respects, based on the AICPA and CPA Canada trust services security criteria.

KPMG LLP
June 2, 2016
New York, NY

KPMG LLP is a Delaware limited liability partnership, the U.S. member firm of KPMG International Cooperative ("KPMG International"), a Swiss entity.

Section II Management of ABM Industries Incorporated's Assertion

December 31, 2015

The management of ABM Industries Incorporated ("ABM") makes the following assertion pertaining to ABM's Primary IT Infrastructure System:

ABM maintained effective controls over its Primary IT Infrastructure System during the period January 1, 2015 through December 31, 2015 based on the AICPA and CPA Canada Trust Services security criteria set forth in TSP section 100, Trust Services Principles, Criteria, and Illustrations for Security, Availability, Processing Integrity, Confidentiality, and Privacy (AICPA, Technical Practice Aids) to provide reasonable assurance that the system was protected against unauthorized access (both physical and logical).

The attached description of ABM's Primary IT Infrastructure System identifies those aspects of the system covered by our assertion.

ABM Industries Incorporated
Anthony Scaglione
Executive Vice President and Chief Financial Officer

Section III Description of ABM Industries Incorporated's Primary IT Infrastructure System

Overview of Services Provided

Company Background

Founded in 1909, ABM is an American corporation involved in outsourcing, building maintenance and facility management, headquartered in New York, NY. ABM provides services to its customers' employees and business partners, supported by hardware and software managed and secured in the company's primary IT infrastructure. Services offered to customers and business partners include work order management, work force management and billing. Users of these services have been provided with logical and physical access to the services. ABM's supporting infrastructure of databases and operating systems for these services is housed in its Alpharetta, Georgia, data center (the "Primary IT Infrastructure System").

The Primary IT Infrastructure System is comprised of the following five components:

- Infrastructure (facilities, equipment and networks)
- Software (databases, operating systems, and utilities)
- People (developers, operators, users and managers)
- Procedures (automated and manual)
- Data (transaction streams, files and tables)

The following sections of this description define each of these five components comprising the Primary IT Infrastructure System.

Infrastructure

ABM operates a data center facility located in Alpharetta, Georgia, that comprises its primary IT infrastructure. ABM has implemented a variety of physical security and environmental controls to protect ABM and customer assets. The following distinctive characteristics and security features apply to ABM's facility:

- Secure facility with recorded video surveillance, facility access control via a magnetic card access system, continuous monitoring and 24x7 on-premise staffing
- Experienced engineering support for major platforms including IBM AS/400.iSeries, Windows Server, and full suite of Microsoft Office products
- Daily operation management and support of ABM infrastructure
- Fully redundant environmental infrastructure including UPS and generator power, redundant cooling and humidification, and fire and smoke detection systems
- Operations center support providing premise staff and help desk support

The ABM data center hosts a hybrid cloud configuration with dozens of IaaS workloads running in Microsoft Azure. We have 1,700+ virtual machines, with over 1,500 running on VMware and roughly 180 running on Hyper-V. An ABM firewall protects the servers housed within the data centers, which are configured in a high availability mode. Intrusion detection systems (IDSs) are implemented throughout the network and are monitored by IT security personnel.

Software

Software used to manage and support the ABM Primary IT Infrastructure System includes system/network and security monitoring. The platform is used for various accounting, financial management, labor, payroll, and project management activities by client. ABM servers run on Power Systems running on IBM ios. In addition, IBM DMZ is used for system, network, and security monitoring. Databases supporting the systems in the IT Infrastructure are MS SQL Server and DB2.

People

Security operations are under the direction of the Chief Information Officer. ABM is organized into the following functional Security groups:

- Global Infrastructure Services: Responsible for managing the ABM infrastructure operations, including operations within the Alpharetta, Georgia, data center, day-to-day computer operations, monitoring hardware services, maintaining and monitoring network communications, and security administration. Monitors the IDS/IPS platforms and responds to issues as they arise.
- IT Security, Risk and Compliance: Responsible for identifying areas requiring controls and implementing such controls; manages the Security, Risk and Compliance for the IT Enterprise Group.
- Enterprises Systems Group: Provides support to ABM customers on an enterprise and application basis.
- Global Network Services: Responsible for making firewall changes and maintaining the IPS.

Personnel policies are documented and background checks are conducted for all personnel hired. Upon employment, employees are required to sign confidentiality documents. Regularly scheduled management meetings are held to discuss special processing requests, operational performance, and the development and maintenance of projects in place.

ABM Industries Incorporated 9 Description of System, Control Environment, and Complementary User Entity Controls

Procedures

ABM has documented policies and procedures to support the operation and control over its Primary IT Infrastructure System. Specific examples of the relevant policies and procedures include the following:

- Change Management
- Software Development
- Physical Security
- Access Administration
- Server Security and Maintenance
- Security Incident Reporting

Data

This component of ABM's Primary Infrastructure System definition is limited to the electronic information (e.g. log files, incident management reports, change management tickets, and monitoring data) used to support infrastructure components of the System for the purposes of the work order management, work force management and billing services outlined in this description. It excludes customer and business partner controlled information that is housed in their own locations.