EPAM's Multiple Development Locations Are Successfully Reassessed For Compliance With the World's Leading Auditing Standard SAS 70 Type II

Press Release:

Newtown, PA — March 24, 2011 — EPAM Systems, Inc., the leading software engineering and IT Outsourcing (ITO) provider in Central and Eastern Europe (CEE), announces its 3 development centers in Hungary, Belarus, and Ukraine, together with the Global IT Service Center in Belarus, have been successfully reassessed for the SAS 70 Type II requirements. Deloitte Auditing and Consulting Ltd. has performed an in-depth audit of EPAM’s control objectives and control activities, including controls over information technology and related processes, and certified that they were operating 100% effectively. This has been the 4th certification successfully completed by EPAM across multiple centers reconfirming their operational efficiency.

SAS 70 audit reports are a widely recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) to serve as the authoritative guidance for the customer organizations and their auditors to gain visibility into the control activities and processes of a service organization. The scope of controls examined by the Deloitte Auditing and Consulting Ltd. experts included such areas: Security Policies, Organization Security, Asset Classification and Control, Personnel Security, Physical and Environmental Security, Communication and Operations Management, Access Control, System Development and Maintenance, as well as Regulation. The test period spanned May 1, 2010 to October 31, 2010.

As a more thorough report compared to Type I, SAS 70 Type II works as an additional guarantee to those organizations that have to validate the controls that are in place to protect the security of their sensitive data. This is a particularly important consideration for firms in data and information intensive industries like financial services and healthcare who are looking to engage an external services organization. Having the accuracy and integrity of a services provider’s operations certified by a SAS 70 review allows corporations to meet their own security and compliance obligations without assuming the costs and risks of conducting their own separate reviews.

"The SAS 70 Type II certification underscores the company’s focus on delivering outsourced software development with the most appropriate security controls in place, as also confirmed by the ISO/IEC 27001:2005 attestation we have received. Both demonstrate to our clients the strong sense of responsibility we take in securing and protecting the sensitive information and corporate assets used for project implementations. To ensure operational reliability and consistency, EPAM has invested heavily in establishing rigorous processes, a reliable and secure infrastructure, and the employee training necessary to effectively protect the interests and assets of our clients. EPAM will sustain its commitment to provide high system and process dependability through the controls and safeguards we have put in place across our global development and services centers,” commented Balazs Fejes, EPAM CTO."


About the AICPA and SAS No. 70, Service Organizations

The American Institute of Certified Public Accountants and its predecessors have been the voice of the accounting profession since 1887. The AICPA prides itself on its serving the CPA profession and the public interest to which it is profoundly committed. AICPA members work in all sectors of the business and financial services profession, including Public Accounting, Financial Planning, Tax, Business & Industry, Law, Consulting, Education and Government.

SAS No. 70, developed by AICPA, provides guidance on the factors an independent auditor should consider when auditing the financial statements of an entity that uses a service organization to process certain transactions. It also provides guidance for independent auditors who issue reports on the processing of transactions by a service organization for use by other auditors.
www.aicpa.org


About EPAM Systems


Established in 1993, EPAM Systems, Inc. is the leading global software engineering and IT consulting provider with delivery centers throughout Central and Eastern Europe. Headquartered in the United States, EPAM employs over 5,500 professionals and provides services to clients worldwide utilizing a global delivery model through its client facing and delivery operations in North America, UK, Germany, Switzerland, Sweden, Russia, Belarus, Hungary, Ukraine, and Kazakhstan.

EPAM's core competencies include complex software product engineering for leading global software and technology vendors, as well as development, testing, maintenance, and support of mission critical business applications and vertically oriented IT consulting services for global Fortune 2000 corporations.

EPAM is recognized among the top companies in IAOP's "The 2010 Global Outsourcing 100" and in "The 2010 Global Services 100" by Global Services Magazine and NeoAdvisory. The company is the only CEE's IT services vendor included in the global "Top 10 Best Performers: IT Services" in the magazine's 2009 rating. For the 2nd year running, EPAM was also listed among the world's "Top Outsourced Product Development" vendors in "The 2010 Global Services 100".

www.epam.com

For further information, please contact: press@epam.com