OVERVIEW OF OPERATIONS

Company background
GoodData offers the worlds most powerful cloud BI platform, providing our customers and partners with operational dashboards, advanced reporting and data warehousing at a fraction of the cost and complexity of other approaches. This is done by combining the reach of Web 2.0 with the massive scalability of cloud computing to deliver a new generation of collaborative analytics. GoodData is run by an experienced team and backed by renowned investors. We are headquartered in San Francisco, with engineering in the Czech Republic.

Description of the service

GoodData enables companies to collaborate around the data that drives their business through a powerful, on-demand service. GoodData offers a complete business intelligence platform-as-aservice (BI PaaS), providing operational dashboards, advanced reporting and data warehousing at a fraction of the cost and complexity of other approaches. Aiming to support users to make better business decisions, GoodData provides users to expand their reporting capabilities through: On-demand Dashboards, Reporting and Analytics Ad-Hoc Analysis Collaborative Business Intelligence Built as a complete integrated platform and offered as a service, GoodData has a robust offering of applications that are easily adaptable to business requirements: GoodData for Salesforce: complete managed service for sales, marketing and support analytics. Powered by GoodData: enables SaaS and Cloud providers to deliver their customers with embedded dashboards and flexible reporting, without the cost and complexity of building dedicated BI framework from scratch. Custom BI: applications can be built with any data from any source, leveraging the flexibility of GoodData platform and easy to integrate data loading interface.

DESCRIPTION OF CONTROLS
Internal control is a process effected by GoodDatas board of directors, executive management, and other personnel and consists of four interrelated components. 1. Control environment The control environment at GoodData begins at the highest level of the company. The board of directors and executive management play an important role in the company's tone. Their leadership, integrity and ethics are all part of GoodData's corporate culture. The functional organizational structure is in place, providing a framework for operational effectiveness, appropriate segregation of duties, including separation of the planning, execution and business operations. GoodData has formalized their hiring practices to determine whether new, rehired, or transferred employees are qualified to perform their individual job functions and responsibilities. Job functions and employee performance are reviewed annually. Each employee has a written job description, including the responsibilities to communicate significant issues and exception in a timely manner to an appropriate level of authority within GoodData. 2. Risk management The Company has a defined process in place for the on-going identification and management of current business risks. Risks are identified and managed through prudent business practices that include a high standard of ethics, standardized personnel practices, watchful contract review, and insurance. In addition, our business plan, which is evaluated periodically during the year, evaluates risk in different areas and addresses how to manage identified risks. 3. Monitoring GoodData utilizes various automated systems, including event log and application management tools. The automated systems listed below monitors the availability, performance, operational data and security of the GoodData platform. Automatic indexing of all events are used to evaluate the service level. Alert notifications are generated and corrective actions are initiated, as appropriate to the individual components of the architecture and platform in general. Corrective actions are initiated when alert events are triggered. Documented escalation policies and procedures provide response guidelines in the event of security breaches, operational incidents and system outages. Comprehensive documentation is maintained to help operational personnel in handling day-to-day issues, all of which is logged and resolved in timely manner. Post mortems are convened after any significant service level issue which affects the production environment. In addition, executive management have real-time access to the systems logs, reports and dashboards. High-level performance and availability reports are produced and discussed during regular management meetings. Internal and external security assessments are conducted to evaluate the performance against security standards and known threats.

4. Information and communication system Management is involved in the day-to-day operations and provides personnel with an understanding of their individual roles and responsibilities pertaining to internal controls. This includes regular company meetings to provide updates on business performance and goals, including an understanding of how different activities relate to the work of others, nature of the internal controls and the means of reporting exceptions to the appropriate higher level of management. To maintain timely and effective communication with its customers, GoodData utilizes the Customer Support Portal for service notifications, knowledge sharing and as a primary point of contact for the customer requesting assistance. Both internal and external communication is based on various communication channels to simplify the process of information flow.

CHANGE MANAGEMENT
Changes implemented to GoodDatas platform are subjected to the change management processes, to provide assurance that changes are authorized, tested, properly implemented, and documented. Base component of the change management within GoodData is formal Technology roadmap, the document that reflects the Company business objectives. The roadmap is updated semi-annually to embrace the changing business requirements. Day-to-day change management processes are aligned to Agile methodologies, based on iterative and incremental model of development. The short iteration and lower scope of the individual changes provides faster validation to the Companys executive management and to mitigate the risks associated with the change. Requests for change are collected, categorized, and prioritized using project management tools. All planning, in-progress and implemented changes are audited and periodically reviewed. Change management framework is in place, as well as proper segregation of duties for the initiation, solution design and implementation, testing, approval and verification of changes. Operating system changes, upgrades, patches and security fixes released by operating system vendor are evaluated by systems administrator to determine critical changes for the production environment. Once a set of patches has been identified by the system administrators, they are tested in a pre-production environment before being released into the production system. The changes to the production environment can be implemented only by authorized members of Operations team. High-level overview of implemented changes to GoodDatas platform is maintained for individual releases, with the list of patches and security fixes available on demand from platform monitoring systems.

GOODDATA PLATFORM
The architecture of GoodDatas platform is designed to align the individual functional and security aspects into well-defined layers. This structure provides robust data processing and strengthens the private and security of the customers data.

Integration The data integration and modeling framework provides a comprehensive API to create a flexible data model and input the business data into GoodData platform, both pragmatically and via data integration tools. An easy-to-use client application (GoodData CL) is provided as a wrapper to GoodDatas Web API, addressing typical integration use-cases. Main features include: fully scriptable data loading interface that easily integrates with any new or existing deployment workflow support for full/partial uploads, trending, snap-hosting and alerting built-in Flexibility of the data model enables each customer to setup and manage the solution to fit their analytical use-cases. Input and output is always protected by SSL encryption technology. Multi-tenant constrains GoodData platform provides robust data architecture to accommodate the large number of customers without requiring a separate instance for each individual tenant (customer). The foundation of the security constraints lies within the individual layers of the architecture:

 User authentication/authorization on Web API layer guarantees valid identity is attached to each request and authorized for access to required resources. Logical security measures, and relationship between individual users, projects, meta-model and data stores are configured within Control Layer. Multiple providers are available to support various authentication methods (enabling Single-Sign-On and embedded applications). All operational tools are controlled in respect to the individual projects, and strictly adhere processing only on a single project. Strict execution separation is maintained by ROLAP Engine. Every single client request is broken down to sets of task, not sharing contextual or security information with any other requests. Physical separation of the meta-model and data is established on Storage Cloud where each project is configured as a separate physical entity. Physical connection to the data store is subjected to a per-project access credentials configured and stored within Control Layer. Platform management The platform management applications are in place to guarantee effectiveness of the day-to-day operational status and to maintain stored data. GoodData seamlessly provides a number of the internal processes, including: Periodic backups are performed several times a day to highly durable storage facilitated by Amazon S3. The backups are encrypted. Referential integrity is ensured by both automated and on-demand checks. Residual information, including out-of-date caches and unreferenced objects, is periodically marked for cleanup and consequently disposed of when not longer used. Definitions of scheduled emails are evaluated every 30 minutes to dispatch any outstanding reports. In order to provide reasonable assurance for long term consistency of the output the regression tests are performed to the changes introduced to the GoodDatas platform.

Physical Infrastructure
GoodDatas on-demand analytics platform is built and hosted on top of the Amazon Web Services (AWS), leveraging its scalable, reliable and distributed computing infrastructure. Deployment across multiple geographical regions, and different availability zones (physical data centers) for redundancy and high-availability Ability to migrate the infrastructure to any availability zone and geographical region. Instant provisioning of any type of server (node). All GoodData platform servers are allocated to the respective security groups, characterized by a specific security settings (TCP/IP level), supplemented by an individual instance level stateful firewalls.

Linux Operation system images are provided by vendor and Amazon AWS, with the regular patch management performed internally (between the major releases of the operation system), and periodically reviewed for security vulnerability by a 3rd party as part of general security reviews. Maintenance of the operating system images, patch management and security hot-fixes to the operating system images are subjected to the regular change management. Access to the production environment is limited to the core operational personnel only, using encrypted session (SSH) and public/private key cryptography. All keys are stored within credentials vault. Access requests/grants/revocation are recorded and periodically reviewed. GoodData Operations teams uses direct communication with Amazon using Premium Subscription, which includes proactive alerting to any issues that may affect the operational status of GoodData platform. The support is provided around-the-clock (24 x 7 x 365), with guarantee of 1 hour maximum response time for issues classified as Urgent. Amazon AWS commitment is to use all commercially reasonable efforts to guarantee Annual Uptime Percentage of at least 99.95% during the Service Year for Amazon EC2 availability, and 99.99% for Amazon S3. Highly durable and secure storage environment using Amazon S3 guarantees data durability of 99.999999999%, ideal for backups storage and disaster recovery.

CUSTOMER CONTROL CONSIDERATIONS

GoodDatas platform is design and operated with the assumption that certain policies and controls are implemented by its customers. This section describes the considerations that complement corresponding controls on our side. Data modeling and security Customers should be careful to prevent unintentional leakage of the highly sensitive and personal information by exposing them within GoodData. By accepting platform Terms and Conditions customers acknowledge and agree to control dissemination of such information during data extraction/loading phase. The sensitive information we discourage customers to upload, but are not limited to: personal identication social security drivers license nancial account or credit card numbers and other personal information Customers should incorporate GoodData into internal user lifecycle procedures to guarantee the correct permissions and authorization is maintained. Customers should assign appropriate roles to the individual users to prevent unwanted changes to the projects. Dashboard only role is recommended for users accessing GoodData only via embedded dashboards. Service status Customers should subscribe to the official GoodData announcement (available via Support Portal) to stay informed about scheduled maintenances, updates to the service and unplanned service interruptions.