Symantec to simplify compliance management

Symantec Corp. (Nasdaq:  SYMC) announced an updated Symantec Control Compliance Suite, designed to reduce the cost and complexity of IT policy management and  compliance by automating the assessment of policies against industry regulations, standards and best practices.  Symantec Control Compliance Suite positions Symantec as the only vendor to offer integrated policy management, automated technical configurations and procedural response assessments in one product, ensuring more repeatable and effective compliance processes.

“Organizations today are required to demonstrate compliance with the various industry regulations, mandates and standards,” said Vivian Tero, Senior Research Analyst, IDC. “Solutions like Symantec Control Compliance Suite help IT executives unify the assessment and management of both programmatic and procedural IT controls to effectively lower the administrative cost and complexity of corporate compliance programs.”

Ongoing research by the IT Policy Compliance Group (www.itpolicycompliance.com) demonstrates a clear linkage between business and financial risks and practices implemented in IT.  The majority of costs associated with improving IT compliance comes from frequently repeating time-consuming processes.  These manual processes include creating, defining and distributing policies, tracking exceptions, managing standards and entitlements, remediating deviations, and performing both procedural and technical assessments.  The IT Policy Compliance Group’s research reveals companies that invest in one-off solutions to manage these processes will spend significantly more on IT policy compliance than those leveraging a single solution that can manage multiple standards, frameworks and regulations.[1]

Due to the multiple mandates, regulations and standards that impact multiple business units at any given company, many companies increase compliance costs by implementing redundant controls to address each one though many include the same requirements.  Symantec Control Compliance Suite provides key elements of the IT governance, risk and compliance management process by helping to ensure coverage of external mandates by automating policy documentation and dissemination, acceptance tracking and exception management.  It also demonstrates compliance to internal and external policies by automating the assessment of technical and procedural controls and evaluating this against risk criteria.

Compliance evidence can be gathered on configurations, permissions, patches, vulnerabilities and the solution controls self assessment of procedural activities without relying on agents.  Finally, Symantec Control Compliance Suite helps fix deviations to standards, enabling immediate corrective actions or triggers to third-party response workflow systems. 

Symantec Control Compliance Suite provides these capabilities by leveraging four new modules:

• Policy Module – enhanced module enables customers to define and disseminate policies, show coverage of regulatory requirements and demonstrate compliance to policies in one solution. 
• Standards Module – enhanced module automates the detection and remediation of deviations from technical standards, and provides pre-packaged technical standards that define best practices for securing workstations, servers and databases. 
• Entitlement Module – new module gathers permissions for data access across the entire company and translates those permissions into a consistent, easy-to-understand format.  It associates management classification to the data, and electronically routes the information to business owners for access approval.  Entitlements approvals are tracked and made available for audit reports.  
• Response Assessment Module – new module automates the assessment of non-programmatic controls by providing out-of-the-box content for popular standards and frameworks.  Customers are able to manage the manual assessment process from creating and distributing questionnaires to analyzing response data.  These manual attestations complement the technical assessments also provided in the product.

“Organizations are not just struggling with maintaining strong IT compliance, but also understanding what policies and standards they should implement to achieve it,” said Arshad Matin, vice president, Compliance and Security Management, Symantec. “A typical organization is a complex, heterogeneous environment, with a variety of platforms and a diverse set of control objectives. 

Understanding requirements and how to achieve strong IT compliance requires comprehensive intelligence of regulations, frameworks and the relevant best practices.  Symantec is helping customers lower their risk of non-compliance and improve internal controls through a combination of automation, process improvement and training.”

Additionally, Symantec Consulting Services will provide advisory and operations services support to complement the features of Control Compliance Suite.  Symantec Consulting Services can help an organization interpret, evaluate, and validate its compliance with regulatory industry standards and its own internal best practices and procedures.

Licensing and Availability

Symantec Control Compliance Suite 8.5 is scheduled to be available in late May through Symantec’s worldwide network of value-added resellers, distributors and systems integrators.  The solution's Response Assessment Module is scheduled to be available in June. Organizations seeking a reseller or distributor should contact Symantec at http://enterprisesecurity.symantec.com. For more information on Symantec’s IT Policy Compliance offerings, visit http://www.symantec.com/enterprise/products/category.jsp?pcid=1004.

About Symantec
Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information, and interactions by delivering software and services that address risks to security, availability, compliance, and performance. Headquartered in Cupertino, Calif., Symantec has operations in 40 countries. More information is available at www.symantec.com.