Ernst & Young issues regulatory compliance report for cloud provider Penta


Geneva- and Dubai-based private cloud computing supplier Penta was once again issued with a clean “no deviations noted” regulatory compliance report performed by independent auditors EY (Ernst & Young).

In addition, EY also confirmed that Penta meets the Swiss Financial Market Supervisory Authority’s (FINMA) requirements for outsourcing.

Unlike usual compliance reports in the IT sector, Penta’s compliance reporting covers the full range of managed IT services, from data center facilities to network access, malware prevention, business continuity and change management. IT providers often only provide compliance for their one particular area of business, and do not usually issue audit guarantees for the full end-user service.

Audited across 17 key areas

The International Standard on Assurance Engagement ISAE 3402 Type 2 report is the result of an extensive independent audit covering 1 April 2014 to 31 March 2015. It refers to seventeen key aspects of Penta’s operations, including security measures, data protection, environmental controls and service level agreements.

“We started the auditing process in 2009 with SAS 70 audits and upgraded to the international ISAE 3402 standard to demonstrate Penta’s commitment to the highest standards of operational excellence,” says Penta CEO Farhad Khalilnia. “Outstanding results of the audits prove Penta’s commitment to stringent security and controls for the fifth year running.”

The annual audit allows Penta’s private cloud computing services to be used in sensitive sectors such as banking and finance, healthcare and government. The audits can be presented to regulatory bodies as corroboration that the industries’ IT compliance requirements are met.

In parallel with the ISAE 3402 certification, EY carried out an audit and confirmed Penta’s compliance with FINMA’s regulations. It means that Penta’s operations and infrastructure meet the strict IT standards required for banks, securities dealers and larger financial groups in Switzerland.

Penta COO Hossein Fezzazi: “A growing number of companies moving to the cloud in compliance-sensitive industries often require specialized audits to validate security and operational controls. At Penta we take this burden off their shoulders so that they can concentrate on their core business.”

“We are happy to present the outcome of EY’s detailed audit which for the second time confirmed Penta’s compliance with FINMA regulations, some of the most stringent for any business that seeks to be under regulatory compliance. It is a testament that our services meet the highest demands,” adds Fezzazi.