News Release
Symantec Facilitates IT GRC Initiatives Through IT Compliance Process Automation
Symantec Control Compliance Suite 9.0 Enables Risk-Based Approach to IT GRC
AUCKLAND – Symantec Vision 2008– Symantec Corp. (Nasdaq: SYMC) today announced a significant update to its compliance
process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC)
initiatives within global organisations. Symantec Control Compliance Suite provides customers with the ability to
automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of
managing compliance.
Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business
executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk
versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and
sustainable manner.
“More than half of my team’s time is spent capturing information to demonstrate regulatory compliance. Using Symantec
Control Compliance Suite as part of our IT GRC strategy, we have automated processes to mitigate IT risk and improve
efficiency,” said GV Gopalakrishnan, executive vice president of information technology, HDFC Bank Limited. “Symantec’s
risk-based approach to policy compliance automation gives us a full solution that automates key processes and reports
the most critical assets at risk for prompt remediation.”
By combining IT risk assessment and compliance capabilities into an integrated solution, Symantec helps customers
improve alignment between IT compliance and business risks. Control Compliance Suite lets customers implement end-to-end
coverage of the IT compliance lifecycle strengthening its IT GRC practices – from defining appropriate policies based on
regulatory mandates to assessing IT controls to remediating deficiencies and finally generating detailed reports.
“Pricewaterhouse Coopers understands the challenges executives face in managing IT risk,” said PricewaterhouseCoopers’
Advisory partner Chris O’Hara.
“By applying our principles-based approach companies are realising the benefits of integrated, risk-based and
business-aligned IT risk management which enables global organisations to drive business performance, control risk and
achieve compliance efficiencies. Utilising technology to automate IT GRC processes helps organisations streamline
processes, simplify reporting and reduce costs.”
Symantec Control Compliance Suite offers flexible and scalable deployment options for the largest and most complex IT
infrastructures in the world. It provides global coverage for regulatory content, frameworks and best-practice
standards. The new version of Control Compliance Suite, expected to be available this fall, will support assessment of
IT controls for the broadest range of IT platforms as well as risk assessment capabilities that enable quick
identification and remediation of information assets at highest risk in the organisation.
“We’ve found that organisations with mature IT GRC practices, such as frequent auditing of their IT environment against
company policies and standards, often benefit from increased revenue, higher customer satisfaction, less data loss and
lower compliance costs,” said Francis deSouza, senior vice president of Information Foundation, Security & Compliance Management, Symantec.
As a new module of Control Compliance Suite 9.0, Symantec Security Information Manager 4.6 lets organisations collect,
store and analyse log data as well as monitor, prioritise and respond to security incidents. As a result security teams
can proactively monitor risk to their IT assets in real time and meet compliance requirements around incident response
and log management. The Symantec Security Information Manager 4.6 module introduces support for multiple domains,
addressing the needs of the largest enterprises and security service providers.
Control Compliance Suite is a key component of the Symantec Global Services Security Management Solution Portfolio.
Symantec provides customers with the flexibility to choose how to manage their security and compliance environment by
utilising their own resources with Symantec products and Symantec Education Services for training, a combination of
internal staff with Symantec consultants, or outsourced as a managed service to maximise resource utilisation.
Relevant Links:
• Podcast: IT GRC Overview with Suzanne Dickson
• Podcast: Control Compliance Suite 9.0 with Jitesh Chanchani
• Key Findings from IT Policy Compliance Group Research on IT GRC
• IT Policy Compliance Group Web site
Licensing and Availability:
Control Compliance Suite 9.0 is scheduled to be available in late 2008. Symantec Security Information Manager 4.6, which
will be available as a module to Control Compliance Suite 9.0, is currently available and can be purchased directly or
through Symantec’s worldwide network of value-added authorised resellers, distributors and systems integrators. For more
information on about these solutions, please visit the Symantec Control Compliance Suite solutions page.
ends