Knock on wood; I’ve never had a cavity. Even though I’m cavity free, I still make it a point to see the dentist twice a year for a voluntary checkup and cleaning. Do I like going to the dentist? Not really. The visit takes time out of my day, my gums hurt after, and I’m sometimes told that I’m not doing enough for my teeth (Hey Doc, easy on the ego. After all, I’m cavity free!).
Are the visits still worthwhile? Are they valuable? Yes! Why? I want to make sure everything is okay with my pearly whites. My teeth get a good cleaning and I get a heads-up about anything needing attention.
My visits to the dentist are not that different from annual audits performed at Go Daddy. In addition to work performed by Internal Audit, Go Daddy completes multiple external audits each year. Several audits are required; others are voluntary. Regardless, each provides Go Daddy and, in turn, Go Daddy’s customers with value.
The following is a summary of external reviews that are performed annually.
WebTrust
As an SSL Certificate Authority (CA), Go Daddy must undergo a 3rd-party audit to demonstrate that processes and controls are in place to support certificate issuance and integrity. Additional WebTrust information and Go Daddy’s certification can be found here: Go Daddy’s WebTrust.
Payment Card Industry Data Security Standards (PCI-DSS)
As a merchant that accepts payment cards, Go Daddy is required to be compliant with the PCI Data Security Standard (DSS). Annual compliance is validated by a Qualified Security Assessor (QSA) who reviews Go Daddy’s processes against the 212 PCI-DSS requirements.
Go Daddy’s Quick Shopping Cart provides customers a platform to establish an eCommerce site. Go Daddy undergoes an additional audit to certify the Quick Shopping Cart platform’s PCI compliance. An FAQ regarding Go Daddy’s PCI compliance as a service provider is available here: Go Daddy PCI FAQ.
External Financial Audit
Although Go Daddy is a private company, a Big 4 audit firm is engaged to complete quarterly and annual audit procedures to verify that Go Daddy’s financial statements fairly present the organization’s financial position.
Service Organization Control Report (SOC)
An independent audit firm completes a Service Organization Control (SOC) assessment for Go Daddy’s hosting services. This assessment evaluates Go Daddy’s security controls against the Trust Services Principles and Criteria and results in the issuing of a SOC 2 and a SOC 3 Report. For more information see my last blog post: Hosting Security – Validated.
Conclusion
Whether internal or external, each audit is used as a health-check to confirm that policies, processes, and controls are in place and operating as expected. As an organization, we can see how we are doing and ensure we are continually improving for the customers we serve.
I believe audit is really very important in any business or establishment, as it determines whether the policy is followed or not. Great post! Thanks for pointing out these important things.