Dimension Data Cloud Solutions, Inc

CERTIFICATE OF REGISTRATION Cloud Security Management System - CSA STAR Certification 2013

The Certification Body of BrightLine hereby certifies that the following organization operates an Information Security Manage- ment System that complies with the requirements of CSA STAR Certification 2013 Dimension Data Cloud Solutions, Inc.

for the following scope of registration The scope of the ISO/IEC 27001:2013 certification is the information security management system (ISMS) supporting the management of the infrastructure and services used to support the Dimension Data Cloud Business Unit including (i) Infrastructure as a Service (IaaS) and associated services; (ii) managed hosting; and (iii) Cloud Services for Microsoft (CSfM) and (iv) Enterprise Mobility as a Service (EMaaS) and aligned to ISO/IEC 27018:2014 in accordance with the statement of applicability version 1.0.03. Assets within the scope of the ISMS include information, software, databases, hardware, and information technology as a service (ITaaS) employees supporting the Cloud Business Unit service offering, including Service Operations, Network Operations Center, Cloud Operations and Infrastructure, Human Resources, Legal, and Research and Development.

which includes the following in-scope locations on page 2 of 2

Holds Certificate Number: 1722500-1

Authorized by:

Christopher L. Schellman President, BrightLine 1300 N. West Shore Blvd, Suite 240 Tampa, Florida 33607, United States www.BrightLine.com

Issue Date Original Registration Date Expiration Date Certificate Version October 2, 2015 October 2, 2015 October 1, 2018 Original – No Revisions

Page 1 of 2 CONDITIONS & LIMITATIONS: 1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO 27001:2013 and to maintain the requisite maturity level for the award type specified above. 2. This certificate is subject to the satisfactory completion of annual surveillance audits by BrightLine. 3. ISO 27001:2013 and CSA STAR Certification audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be construed as a guarantee or assurance that an organization is unsusceptible to information security breaches. 4. The information in this document is provided “AS IS”, without warranties of any kind. BrightLine expressly disclaims any representations and warranties, including, without limitation, the implied warranties of merchantability and fitness for a particular purpose. 5. This certificate is the property of BrightLine and is bound by the conditions of contract. Certificate Number: 1722500-1

In-Scope Locations Ashburn Operations Center: 43490 Yukon Drive, Suite 209, Ashburn, Virginia, 20147, United States Bangalore Operations Center: Unit 2, 10th Floor - Whitefield Road, Innovator Block, ITPL, Bangalore 560066, India Santa Clara Operations Center: 5201 Great America Parkway, Suite 120, Santa Clara, California, 95054, United States San Diego Operations Center: 16875 West Bernando Drive, Suite 270, San Diego, California, 92127, United States Sydney Operations Center: 3 Richardson Place, North Ryde, Sydney, NSW 2113, Australia

Also included in the scope of the ISMS are the following data center locations Canberra (CBR01): 2 Leonora Street, Fyshwick, Australian Capital Territory, 2609, Australia Melbourne (MEL01): 826 Lorimer Street, Port Melbourne, VIC 3207, Australia Sydney (SYD01): 47 Bourke Road, Alexandria, Sydney, NSW 2015, Australia São Paulo (GRU01): Al. Araguaia 3641 Tamboré Barueri, SP CEP: 06455-000, Brasil Toronto (YYZ01): 550 Cochrane Drive, Markham, Ontario, L3R 8E3, Canada Hong Kong (HKG01): Cavendish Centre, No. 23, Yip Hing Street, Wong Chuk Hang, Hong Kong London (LHR02): 11 Hanbury Street, London, E1 6QR, United Kingdom London (LHR03): Unit 2 Powergate Business Park, Volt Avenue, London, NW10 6PW, United Kingdom Frankfurt(FRA01): Kruppstraße 121-127, 60388 Frankfurt, Germany St Peter Port (GCI01): First Tower Lane, Saint Peter Port, GY1 2RZ, Guernsey Ahmedabad (AMD01): BSNL IDC Ahmedabad, Ground and Third Floor, Bapunagar Telephone Exchange Building, Ahmedabad, 280024, India Jakarta (CGK01): Jalan Medan Merdeka Barat No 21, Jakarta, 10110, Indonesia Jakarta (CGK02): Jl. Pahlawan Seribu Lot 12 A, CBD-BSD, Tangerang, 15222, Indonesia Tokyo (HND01): 10-24 Nishikasai-5, Edogawa-ku, Tokyo, Japan ST Saviour (JER01): Unit 1-3 L’Avenue De Bas, Rue Des Pres Trading Estate, St Saviour, JE2 7QN, Jersey Amsterdam (AMS01): Luttenbergweg 4, Amsterdam Zuidoost, 1101 EC, The Netherlands Hamilton (HLZ01): 14 Simsey Pl, Te Rapa, Hamilton 3200, New Zealand Johannesburg (JNB01): Erf 2096, Randview Business Park, Malibongwe Drive, Ferndale Ext 9, 2194 Johannesburg, South Africa California (SJC03): 255 Caspian Drive, Sunnyvale, California, 94089, United States California (SNU01): 1525 Comstock St. Suite #1, Santa Clara, California, 95054, United States Virginia (IAD03): 44470 Chilum Place, Ashburn, Virginia, 20147, United States Virginia (IAD05): 21701 Filigree Court, Building D, Ashburn, Virginia, 20147, United States Virginia (ASH02): 44664 Guilford Drive, Ashburn, Virginia, 20147, United States Virginia (AHS01): 43881 Devin Shafron Drive, Suite 130, Ashburn, Virginia, 20147, United States

Page 2 of 2 CONDITIONS & LIMITATIONS: 1. The aforementioned organization has a perpetual responsibility to maintain compliance with ISO 27001:2013 and to maintain the requisite maturity level for the award type specified above. 2. This certificate is subject to the satisfactory completion of annual surveillance audits by BrightLine. 3. ISO 27001:2013 and CSA STAR Certification audits are not designed to detect or prevent criminal activity or other acts that may result in an information security breach. As such, this certification should not be construed as a guarantee or assurance that an organization is unsusceptible to information security breaches. 4. The information in this document is provided “AS IS”, without warranties of any kind. BrightLine expressly disclaims any representations and warranties, including, without limitation, the implied warranties of merchantability and fitness for a particular purpose. 5. This certificate is the property of BrightLine and is bound by the conditions of contract.