CentOS is fine if you just need an office file-server or print-server.
If you are running an e-commerce website, then you need to be PCI compliant and up-to-date with the latest security patches *QUICKLY*.
CentOS updates can be unpredictable as to when they will be released. Look at Wikipedia's "Delay" column for CentOS releases.
Due to extremely slow 2011 updates and releases, I switched to an alternative OS out of fear a CentOS update might never arrive. It did release eventually.
Does your IT staff have the time and knowledge to create their own RPM files for updating CentOS, when the closed group of CentOS volunteers fail to deliver?
If not, I would suggest either pay for RHEL updates or use current free releases of Fedora, OpenSuse, Ubuntu LTS, or Debian instead.