CUPERTINO, Calif. - Jan 25, 2006 Symantec Corp. (NASDAQ: SYMC) today announced that its Symantec Managed Security Services' Security Operations Centers (SOCs) worldwide have been awarded recertification under the BS7799 -- Part 2: 2002 Information Security Management. In addition, Symantec Managed Security Services has obtained its third annual Statement of Auditing Standard No. 70 (SAS 70) Type II certification for its operations in North America.
BS7799 is a comprehensive standard that defines the requirements for establishing, implementing, and documenting an effective information security management system. BS7799 certification at Symantec's SOCs worldwide assures Symantec customers and partners that their information and data are protected and available through controlled procedures, policies, and best practices. The objective of the SAS 70 Type II certification was to provide Symantec's Board and customers with an independent examination of the applicable control objectives, internal controls and processes placed into effect in Symantec's operations. Symantec's SAS 70 Type II certification also provides critical support to its customers' Sarbanes-Oxley audit processes.
"When customers choose to outsource security, trust and confidence are paramount considerations," said Grant Geyer, vice president, Symantec Managed Security Services. "Our BS7799 renewal and SAS 70 Type II certification highlights the emphasis Symantec places on being a trusted advisor, and demonstrates our continued commitment to ensuring the integrity of our customers' information."
BS7799 Recertification, which must occur every three years, is a complex process involving detailed audits of Symantec's global security operations centers and data centers. Symantec uses proven policies, standards, procedures, and records to implement and maintain a world-class information security management system that protects assets and manages risk for its customers. Symantec completed BS7799 recertification through an intensive security audit conducted by KPMG Certification Services. After certification, regularly scheduled reviews and audits are required to maintain compliance.
Through guidance established by the American Institute of Certified Public Accountants, the SAS 70 Type II certification provides assurances regarding specific control objectives that Symantec designed to meet customers' unique needs. Many companies, especially financial services and other highly regulated organizations, require credible proof that a managed security services provider (MSSP) has processes and controls in place to provide a consistent, stable and secure environment to safely monitor and manage customer data throughout the organization. Symantec Managed Security Services SAS 70 Type II certification included detailed testing over a 10-month period.
Symantec Managed Security Services leverages global intelligence to offer fast and accurate analysis of security data to protect customers against emerging threats and reduce overall security risk. Its 24x7 real-time services enhance an organization's information security posture through continuous monitoring and management, expert analysis, and immediate response to potential security threats. Symantec Managed Security Services Operations Centers are located Alexandria, VA; Sydney, Australia; Munich, Germany; and London, England.
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at www.symantec.com/news. All prices noted are in US dollars and are valid only in the United States.
Symantec, the Symantec logo, DeepSight, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.