RUS | ENG

Supported by:

EPAM Awarded ISAE 3402 Type 2 Certification for All Major Development Centers Worldwide

Companyís 10th Consecutive Year of Leading the Region with Effective Compliance and Control Strategy

Source: EPAM Systems
Mar 06, 2017
EPAM Systems, Inc. (NYSE: EPAM), a leading global provider of product development and software engineering solutions, today announced that its development centers in Belarus, Bulgaria, China, Czech Republic, Hungary, Kazakhstan, Poland, Russia, and Ukraine have been successfully reassessed for the International Standard on Assurance Engagements (ISAE) 3402 Type 2 certification. This certification demonstrates proof of a sustained, effective global control mechanism. The assurance report, issued by Deloitte Auditing and Consulting Ltd, was the result of a comprehensive, four-month audit and included controls over information security, resource strategy and planning, information systems operations, database and application systems implementation and maintenance, and software and hardware support.

The ISAE 3402 Type 2 (formerly SAS 70 Type II) was designed specifically to address customerís requirements that service organizations demonstrate that they have adequate internal control systems to protect data and sensitive information belonging to the customers.

"These standards deliver transparency to our customers, helping strengthen their trust in EPAM, giving us a true competitive advantage. We believe we are the only service provider with multiple delivery centers, across nine countries, that are ISAE 3402 Type 2 certified, which means that we are compliant with the most rigorous standards set for a service organizationís internal controls," said Yuriy Goliyad, Head of Global Operations, EPAM. "Our successful completion of this audit report, for the 10th consecutive year, demonstrates our continued commitment to protecting our customerís sensitive data through the operational excellence of our delivery centers."

In todayís global economy, customers need to know that any service provider they work with has sufficient controls and safeguards in place. Successful completion of the ISAE 3402 Type 2 audit can help distinguish providers as the report assures customers that the certified service organization has appropriate controls in place.

"This certification, along with our ISO 27001:2013, CMMI, SOX and ISO 9001, is further evidence of our continued investment in ensuring our customerís security. This is part of our very robust controls and compliance program, which weíve invested in from day one, to build transparency and aggressively decrease risk for our customers engaged in strategic delivery programs," continued Goliyad.

The ISAE 3402 Type 2 is widely recognized and represents that a service organization has successfully undergone an in-depth audit of their internal controls. It was developed by the American Institute of Certified Public Accountants (AICPA) to provide an international assurance standard on the controls at a service organization that are likely to impact or be part of the user organizationís system of internal control over financial reporting.