Symantec Facilitates IT GRC Initiatives Through IT Compliance Process Automation

Symantec Control Compliance Suite 9.0 to Enable Risk-Based Approach to IT GRC

Symantec Corp. (Nasdaq: SYMC) today announced a significant update to its compliance process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC) initiatives within global organizations. Symantec Control Compliance Suite provides customers with the ability to automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of managing compliance.

Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and sustainable manner.

“More than half of my team’s time is spent capturing information to demonstrate regulatory compliance. Using Symantec Control Compliance Suite as part of our IT GRC strategy, we have automated processes to mitigate IT risk and improve efficiency,” said GV Gopalakrishnan, executive vice president of information technology, HDFC Bank Limited. “Symantec’s risk-based approach to policy compliance automation gives us a full solution that automates key processes and reports the most critical assets at risk for prompt remediation.”

By combining IT risk assessment and compliance capabilities into an integrated solution, Symantec helps customers improve alignment between IT compliance and business risks. Control Compliance Suite lets customers implement end-to-end coverage of the IT compliance lifecycle strengthening its IT GRC practices – from defining appropriate policies based on regulatory mandates to assessing IT controls to remediating deficiencies and finally generating detailed reports.

“Pricewaterhouse Coopers understands the challenges executives face in managing IT risk,” said PricewaterhouseCoopers’ Advisory partner Chris O’Hara. “By applying our principles-based approach companies are realizing the benefits of integrated, risk-based and business-aligned IT risk management which enables global organizations to drive business performance, control risk and achieve compliance efficiencies. Utilizing technology to automate IT GRC processes helps organizations streamline processes, simplify reporting and reduce costs.”

Symantec Control Compliance Suite offers flexible and scalable deployment options for the largest and most complex IT infrastructures in the world. It provides global coverage for regulatory content, frameworks and best-practice standards. The new version of Control Compliance Suite, expected to be available this fall, will support assessment of IT controls for the broadest range of IT platforms as well as risk assessment capabilities that enable quick identification and remediation of information assets at highest risk in the organization.

“We’ve found that organizations with mature IT GRC practices such as frequent auditing of their IT environment against company policies and standards often benefit from increased revenue, higher customer satisfaction, less data loss and lower compliance costs,” said Francis deSouza, senior vice president of Information Foundation, Security & Compliance Management, Symantec.

As a new module of Control Compliance Suite 9.0, Symantec Security Information Manager 4.6 lets organizations collect, store and analyze log data as well as monitor, prioritize and respond to security incidents. As a result security teams can proactively monitor risk to their IT assets in real time and meet compliance requirements around incident response and log management. The Symantec Security Information Manager 4.6 module introduces support for multiple domains, addressing the needs of the largest enterprises and security service providers.

Control Compliance Suite is a key component of the Symantec Global Services Security Management Solution Portfolio. Symantec provides customers with the flexibility to choose how to manage their security and compliance environment by utilizing their own resources with Symantec products and Symantec Education Services for training, a combination of internal staff with Symantec consultants, or outsourced as a managed service to maximize resource utilization.

Relevant Links:

* Podcast: IT GRC Overview with Suzanne Dickson
* Podcast: Control Compliance Suite 9.0 with Jitesh Chanchani
* Key Findings from IT Policy Compliance Group Research on IT GRC
* IT Policy Compliance Group Web site

Licensing and Availability:

Control Compliance Suite 9.0 is scheduled to be available in fall 2008. Symantec Security Information Manager 4.6, which will be available as a module to Control Compliance Suite 9.0, is currently available and can be purchased directly or through Symantec’s worldwide network of value-added authorized resellers, distributors and systems integrators. For more information on about these solutions, please visit the Symantec Control Compliance Suite solutions page.