EPAM Systems Extends Regional Lead in Security Adding ISO/IEC 27001:2005 Standard Certification to its Existing SAS 70 Type II Certification

Newtown, PA — April 15, 2010 — EPAM Systems, Inc., the leading software engineering and IT Outsourcing (ITO) provider in Central and Eastern Europe (CEE), announced today that it has received ISO/IEC 27001:2005 certification for its Information Security Management System (ISMS). EPAM obtained this reputable certification in Kyiv, Ukraine, from the Norway-based Det Norske Veritas (DNV), one of the world's leading assessment companies. The scope of the certificate is "Outsourced software development in accordance with the latest version of the Statement of Applicability".

ISO/IEC 27001:2005 is an internationally recognized standard that ensures that adequate and proportionate security controls are set within the organization to safeguard information and intellectual property assets. This certification specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving a documented Information Security Management System within the context of the organization's overall business risks.

This certificate demonstrates EPAM's dedication to protecting its clients' information assets and addressing security concerns by defining and maintaining the strictest security policies and verifying their adherence by recognized industry standards. This ISO/IEC 27001:2005 certification signifies that relevant laws and regulations are being met in practice, not just in theory.

"EPAM's ISO 27001:2005 certification provides substantial and quantifiable evidence to assure our customers of our dedication to safeguard their information assets. Our strong Information Security Management System now meets the world's two leading security standards. The recent ISO 27001 certification further demonstrates EPAM's region leading example of 3 years ago when we became the first ITO provider in Central and Eastern Europe to achieve SAS 70 Type II certification. ISO 270001:2005 and SAS 70 Type II combined continue our position of leadership in security for our industry and region and are vital parts of EPAM's global strategy," stated Balazs Fejes, EPAM CTO.

"Based on the auditors' findings collected throughout the certification process, we can state that the performance of EPAM, coupled with the management's commitment to operate this system, led to a successful certification process. Awarding the certificate means that a company meets the requirements of the standard. However, during this process, it was clear that EPAM surpassed the required level and showed a mature and well implemented information security management system," said László Adlovits, Country Manager at Det Norske Veritas.

About EPAM Systems

Established in 1993, EPAM Systems, Inc. is the leading global software engineering and IT consulting provider with delivery centers throughout Central and Eastern Europe. Headquartered in the United States, EPAM employs over 5,000 professionals and provides services to clients worldwide utilizing a global delivery model through its client facing and delivery operations in North America, UK, Germany, Switzerland, Sweden, Russia, Belarus, Hungary, Ukraine, and Kazakhstan.

EPAM's core competencies include complex software product engineering for leading global software and technology vendors, as well as development, testing, maintenance, and support of mission critical business applications and vertically oriented IT consulting services for global Fortune 2000 corporations.

EPAM is recognized among the top companies in IAOP's "The 2010 Global Outsourcing 100" and in "The 2009 Global Services 100" by Global Services Magazine and neoIT. The company is the only CEE's IT services vendor included in the global "Top 10 Best Performers: IT Services" and also ranked among the world's "Top 10 Best Performers: Outsourced Product Development" according to the magazine's 2009 rating.

For further information, please contact: press@epam.com