Protecting our customers' and employees' privacy is a top priority and long-term investment in trust for Symantec. Our Privacy Program Office, which is part of our department of Legal and Public Affairs, addresses these issues by supporting management in setting a comprehensive and cohesive vision for privacy; providing legal support on privacy matters; and growing and maintaining the capabilities of the business to support privacy compliance.
To further advance this last priority, our executives have appointed managers of key organizations across the company as Privacy Champions responsible for ensuring commitment to and engagement with the Privacy Program.
To ensure that every employee at Symantec and its subsidiaries worldwide understands how we use and protect personal information, we developed principle-based privacy policies. They outline the principles Symantec follows when collecting, using, disclosing, and retaining the personal information of Symantec’s employees, customers, suppliers, and business associates. All employees worldwide are required to attend a mandatory privacy training, which is also part of the curriculum for new hires.
Over the past few years, we have improved our operations to better protect our customers’ privacy by standardizing privacy reviews for projects, supplier reviews, mergers and acquisitions, and product development cycles.
We work to assure that all Symantec software functions in its intended manner and is secure. Our extensive software assurance mechanisms are designed to prevent exploitable vulnerabilities, inspire confidence that our software functions as intended, and ensure that it conforms to requirements, standards, and procedures. Some of the security processes we employ include:
- The Chief Information Security Officer and Information Security Department assures the security of our networks and the computer systems used to develop products. This oversight ensures that only authorized personnel have access to Symantec’s resources, which helps prevent product tampering.
- The Physical Security Department assures that all facilities are protected from encroachment. Source code repositories and development labs are under a Restricted Access Area Management plan that prescribes even higher levels of security for these sensitive areas.
- The Crypto Review Board oversees the use of cryptographic algorithms and keys for all Symantec products to assure that customer data is safe and secure when in transmission, memory, or storage.
- The Open Source Review Board assures that the use of open source components in Symantec’s products is both secure and compliant with all appropriate laws and licenses.
- The Product Security Department performs static code analysis and dynamic penetration testing to assure that vulnerabilities in Symantec products are identified and corrected as quickly as possible. This department also provides training to all of Symantec’s product development personnel in techniques for designing and programming secure, defect-free products.