ABOUT SYMANTEC

Press Release

Symantec Managed Security Services Awarded BS 7799 Certification

Company is Only U.S. Headquartered Global MSSP to Meet Standard's Stringent Requirements for Security Management

CUPERTINO, Calif. - July 7, 2003 - Symantec Corp. (Nasdaq: SYMC), the world leader in Internet security, today announced that its Managed Security Services' Security Operations Centers (SOCs) have been awarded certification under the British Standard BS 7799. This comprehensive specification defines requirements for establishing, implementing, and documenting an effective information security management system. Symantec is the only U.S.-based Managed Security Service Provider (MSSP) doing business globally to meet the international standard's requirements. The Alexandria SOC is Symantec's largest SOC worldwide and the latest to be BS 7799 certified.

"We are very proud to earn this prestigious certification, which provides powerful evidence of Symantec's operational maturity and unrelenting commitment to superior service," said Amit Yoran, vice president, Symantec Managed Security Services. "There is a growing demand within the security industry for third-party validation of information security policy. By meeting the requirements of today's leading industry standards, like BS 7799, we assure our customers and partners that their critical information is protected through controlled procedures, policies, and best practices."

Symantec's SOC in the United Kingdom earned BS 7799 certification in May 2002. The addition of the BS 7799 certification for the Alexandria SOC reinforces Symantec's commitment to superior service at its state-of-the-art SOCs, which provide customers with comprehensive, round-the-clock security management, monitoring, and response services. In addition to its SOCs in Alexandria and the United Kingdom, Symantec has plans to certify its other SOCs around the world.

"Choosing to outsource your security function is not a decision to be made lightly," said Richard Diamond, chief information officer, The Doctors Company. "Trust is very important. We decided to outsource our security to Symantec because of the company's stability and sole focus on security. By working with a third party to audit its business and earn this certification, Symantec demonstrates its commitment to providing superior managed security services to its customers for the long haul."

Symantec completed the BS 7799 certification process through an intensive security audit conducted by KPMG Certification Services. KPMG's Certification Services is designated by the United Kingdom Accreditation Services (UKAS) as qualified to audit for compliance to the BS 7799 standard. After certification, regularly scheduled reviews and audits are required to maintain compliance.

Earning the BS 7799 certification is typically a complex process, taking between six and nine months. Symantec used proven policies, standards, procedures, and records to implement and maintain a world-class information security management system that protects assets and manages risk in its SOCs, as well as ensures the integrity of information as it is shared internally and externally.

BS 7799 sets requirements for companies' Information Security Management Systems. It identifies 10 controls in the certification process:

  • Security policy
  • Organization of assets and resources
  • Asset classification and control
  • Personnel security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Systems development and maintenance
  • Business continuity management
  • Compliance

The BSI Group, an international provider of services to businesses and other organizations, provides the infrastructure and expertise required to develop world-class standards for products, services, management systems, and test methods. The BSI Group first published BS 7799 in 1995, and the standard became so widely accepted in many countries as a code of practice for information security that the organization developed it into an international standard, ISO17799, approximately six years later. However, while ISO17799 describes the model for information security management systems in the international arena, BS 7799 certification remains the only proof that an organization actually complies with the exacting standard.

Symantec Managed Security Services
Part of Symantec's Enterprise Security Services, Symantec Managed Security Services delivers industry leading security monitoring, management, and response to its clients. Its 24x7 real-time services enhance an organization's information security posture through continuous monitoring and management, expert analysis, and immediate response to potential security threats. From Symantec's Security Operations Centers (SOCs) around the world, Symantec Managed Security Services provides flexible, vendor-neutral offerings to meet a variety of business needs. Symantec Managed Security Services provides organizations with a real-time view of their enterprise security posture and the analysis and commentary needed to adjust defenses against emerging attacks, for optimal protection of mission-critical assets. For more information, please visit http://enterprisesecurity.symantec.com/SecurityServices/.

About Symantec
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.

NOTE TO EDITORS: : If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.

Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.