Certificate Certificate number: 2017-009 Based on certification examination in conformity with defined requirements in ISO/IEC 17021:2015 and ISO/IEC 27006:2015, the Information Security Management System (ISMS) as defined and implemented by TASER International, Inc.* headquartered in Scottsdale, Arizona, United States of America, certified under certification number [2015-020], is also compliant with the requirements as stated in the standard: ISO/IEC 27018:2014 Issue date of certificate: February 28, 2017 Expiration date of certificate: October 21, 2018 EY CertifyPoint will, according to the certification agreement dated August 12, 2015, perform surveillance audits and acknowledge the certificate until the expiration date of this certificate or the expiration of the related ISMS certificate with number [2015-020]. *This certification is applicable for the assets, services and locations as described in the scoping section on the back of this certificate, with regard to the specific requirements for information security and related specific cloud security controls as stated in the Statement of Applicability approved on October 25, 2016. 1/5 Drs. R. Toppen RA Director EY CertifyPoint Copyrights with regard to this document reside with Ernst & Young CertifyPoint B.V. headquartered at Antonio Vivaldistraat 150, 1083 HP Amsterdam, The Netherlands. All rights reserved.
The scope of this ISO/IEC 27018:2014 certification is bounded by specified services of TASER International, Inc. and specified facilities. The ISMS is centrally managed out of TASER International, Inc. headquarters in Scottsdale, Arizona, United States of America. The in-scope applications, systems, people, and processes are globally implemented and operated by teams out of an explicit set of facilities that comprise TASER International, Inc. and are specifically defined in the scope and bounds. The TASER International, Inc. ISMS scope includes the following services: General The following statement defines the scope of services for the Taser ISMS of Evidence.com: An Information Security Management System that governs all customer data that resides in the Evidence.com application. The scope of the ISMS includes the assets, technologies and processes employed by Taser within its facilities for processing, management and delivery of the Evidence.com service to its customers. People The following departments are in-scope for the ISMS: Evidence.com System Management Evidence.com System Administration Evidence.com Developers/Engineers Evidence.com Security Operations Evidence.com Contractors Taser Human Resources Taser Information Security 2/5
Sites (Virtual Assets) The following are the list of IaaS provider processing regions, which align to the instances of Evidence.com in scope for the ISMS. United States (US) Evidence.com Amazon Web Services ( AWS ) US East (Northern Virginia) Region: AWS provides the physical data center building and servers, physical security, environment controls and IaaS offerings which Taser utilizes to create and manage dedicated a virtual network via Amazon Virtual Private Cloud ( VPC ), virtual machines via Amazon Elastic Compute Cloud ( EC2 ) instances, Elastic Load Balancing ( ELB ) load balancers, customer evidence data object storage via Amazon Simple Storage Service ( S3 ), user roles and access via AWS Identity & Access Management ( IAM ), and network connectivity. The EC2 instances host both Evidence.com application servers and database servers (Cassandra Database Management System and SQL Australia (AU) Evidence.com AWS Asia Pacific (Sydney) Region: AWS provides the physical data center building and servers, physical security, environment controls and IaaS offerings which Taser utilizes to create and manage dedicated a virtual network via Amazon VPC, virtual machines via Amazon EC2 instances, ELB load balancers, customer Europe (EU) Evidence.com AWS EU (Ireland) Region: AWS provides the physical data center building and servers, physical security, environment controls and IaaS offerings which Taser utilizes to create and manage dedicated a virtual network via Amazon VPC, virtual machines via Amazon EC2 instances, ELB load balancers, customer evidence data object storage via Amazon S3, user roles and access via AWS IAM, and network connectivity. The EC2 instances host both Evidence.com application servers and database servers (Cassandra Database Management System and SQL Server databases). 3/5
Sites (Virtual Assets) Brazil (BR) Evidence.com AWS South America (São Paulo) Region: AWS provides the physical data center building and servers, physical security, environment controls and IaaS offerings which Taser utilizes to create and manage dedicated a virtual network via Amazon VPC, virtual machines via Amazon EC2 instances, ELB load balancers, customer United Kingdom (UK) Evidence.com Skyscape Cloud Services (England) data centers: Skyscape provides the physical data center building and servers, physical security, environment controls IaaS offerings which Taser utilizes to create and manage dedicated a virtual private cloud network, virtual machines, load balancers, customer evidence data object storage, user roles and access, and network connectivity. The virtual machines host both Evidence.com application servers and database servers (Cassandra Database Management System and SQL Global Development, QA, and supporting tools AWS US West (Oregon) Region: AWS provides the physical data center building and servers, physical security, environment controls and IaaS offerings which Taser utilizes to create and manage dedicated a virtual network via Amazon VPC, virtual machines via Amazon EC2 instances, ELB load balancers, customer 4/5
Sites (Physical Locations) The Evidence.com application service is hosted solely on virtual infrastructure sitting on physical infrastructure located at IaaS provider facilities. Workstations used to manage the Evidence.com connect to the environments remotely from Taser office locations. The primary locations used to access IaaS provider infrastructure are Taser s offices in Scottsdale, Arizona, United States and Seattle, Washington, United States for the Evidence.com instances in the AWS environments. For the UK Evidence.com instance hosted in the Skyscape environment, access is from the Taser offices. The ISMS mentioned in the above scope is restricted as defined in the ISMS Scope and Boundaries document, version 1.4, approved on July 20, 2016 by the Vice President of Information Security, TASER International, Inc. 5/5