C I Host Earns Coveted SAS-70 Certification

Service Auditor assures that C I Host reliably and securely manages all data center operations and functions

BEDFORD, TX (June 11, 2003) - C I Host's core data center facility in Dallas and all that center's systems and services have passed the rigorous testing of an audit called the SAS 70 that is required for companies who want to provide IT services to companies with high security and confidentiality requirements.

Passing the SAS 70, or Statement on Auditing Standards No. 70 Type I audit, is a key requirement for companies who wish to perform data center and web hosting functions for financial, health care and other security-sensitive or regulated organizations. Such institutions can't use Web hosting firms that haven't passed the SAS 70 audit. The audit is conducted by an independent auditing agency.

SAS 70 is the authoritative standard of the American Institute of Certified Public Accountants (AICPA). Service organizations use this standard to disclose their control activities and processes to their customers.

"This exhaustive, independent audit further illustrates our commitment to the security of our customers' data and the reliability of our networks and procedures," said Christopher Faulkner, CEO of C I Host. "Large enterprises can now use C I Host services with confidence."

In receiving SAS 70 approval, C I Host has become one of only three Web hosting companies in the world to have both this certification and the federal HIPAA certification, which is required to provide IT services for health care organizations.

The SAS 70 report's stamp of approval applies to C I Host's corporate policies surrounding management and personnel controls and the infrastructure and security controls that are associated with the operation of C I Host's data center and Web hosting functions.

SAS 70 Type I reports define and document the existence of such operational controls and evaluate the procedures relating to security measures, application system development and maintenance, customer service and disaster planning.

No deficiencies were found in any area tested during the assessment, which was conducted over a four-week period ending in the first quarter of 2003. A Type II audit, which C I Host plans to complete in 2003, tests the effectiveness of a company's controls over a specific period of time.

"Our operational and network teams deserve a tremendous amount of credit for assuring that C I Host's operations meet and exceed the rigorous standards and expectations of the SAS 70 principles," Faulkner said. "It is one more way we provide our customers with the most exacting and reliable service possible."

In November, C I Host received the federal HIPAA certification, thus making it eligible to provide information technology services to health care organizations, which must meet strict new patient confidentiality regulations.

HIPAA-compliant IT services are essential for the more than 2 million firms and nonprofit groups in the U.S. that deal with health care and must comply with federal regulations on how they handle electronic information about patients. HIPAA is the Health Insurance Portability and Accountability Act.

Being one of the first companies that provides Web hosting and other IT services to receive HIPAA certification has allowed C I Host to capture a large part of that sensitive market. The SAS 70 approval will further strengthen C I Host's position.

"We can save health care organizations and other companies with security and confidentiality needs months of paperwork and hundreds of thousands of dollars because we have already gone through the procedures to meet these exacting criterion," Faulkner said. "Outsourcing has never been more cost-effective."

C I Host has a consistent record of taking a proactive approach to using the most rigorous means to keep the Internet healthy and to protect the security and confidentiality of its clients' data.

When Code Red was wreaking havoc on computers and Web sites around the world, C I Host was one of the few companies that patched all of its servers, thus saving its clients from most of the harm done by that malicious code. C I Host's firewalls are among the strongest in the industry. C I Host's Service Level Agreements guarantee 99.9 percent uptime for its clients.

C I Host also goes the extra mile in providing security in all three data centers -- Texas, Chicago and Los Angeles. A recent update to the Los Angeles center included the installation of hot swap Cisco 7206 VXR routers and the addition of redundant firewall systems and biometric security measures.

"Each day our Chief Security Officer and his team perform a security scan and audit of our network to identify any new security risks," Faulkner said. "Security is the most important aspect of running a data center. It can make or break a company."

A copy of the SAS 70 report can be obtained by contacting Nancy St. Pierre at 817-868-6999 or through email at nancys@cihost.com.

About C I Host

C I Host (www.cihost.com), is a Web hosting and Internet solutions provider, domain name registrar (DNR) and application service provider (ASP) serving 190,000 individual consumers and businesses in 182 countries worldwide.

C I Host creates business-class hosting solutions for the small- and medium-enterprise (SME) market, with the broadest portfolio of managed hosting and value-added services in the industry. C I Host is accredited by ICANN to register domain names.

C I Host has been consistently ranked among the Top 5 Web hosting companies out of 16,000 around the globe by c|net's Ultimate Web Host List, HostPulse, WebHostsOnline.com and HostChart.com. C I Host offers turnkey services ranging from initial domain name registration to custom dedicated servers for e-commerce on today's Web. The company offers innovative packages and services to the Internet community.

C I Host operates three diverse data centers across the United States, with its main facility and Network Operations Center in Bedford, Texas. C I Host also has offices in Los Angeles, Baltimore, Chicago and London.

All telco-grade, tier-1 data centers are wholly owned and operated by C I Host and consist of redundant diesel generator backups and a temperature-controlled secure environment with fully redundant UPS capability. All server hardware is fully tested and configured for optimal performance. Daily Web server backups and full fire protection guard against any data loss. To deliver speed and reliability, C I Host's servers are connected to two OC-12 fiber connections, five DS-3 and two OC-3 lines from five diverse Internet backbones for a total of more than 2,000 Megabits of available bandwidth.