Press Releases

Symantec Facilitates IT GRC Initiatives Through IT Compliance Process Automation

LAS VEGAS – Symantec Vision - June 11, 2008 – Symantec Corp. (Nasdaq: SYMC) today announced a significant update to its compliance process automation solution, Control Compliance Suite 9.0, in support of IT Governance, Risk, and Compliance (IT GRC) initiatives within global organizations. Symantec Control Compliance Suite provides customers with the ability to automate key IT compliance processes in order to reduce the risk to their information assets and reduce the costs of managing compliance.

Increasingly, IT management is being called on to align with business objectives amidst shrinking budgets. Business executives are asking IT to achieve compliance for internal and external mandates while managing the delicate risk versus return balance. Compliance process automation is the key to meeting these requirements in a cost-effective and sustainable manner.

"More than half of my team's time is spent capturing information to demonstrate regulatory compliance. Using Symantec Control Compliance Suite as part of our IT GRC strategy, we have automated processes to mitigate IT risk and improve efficiency," said GV Gopalakrishnan, executive vice president of information technology, HDFC Bank Limited. "Symantec's risk-based approach to policy compliance automation gives us a full solution that automates key processes and reports the most critical assets at risk for prompt remediation."

By combining IT risk assessment and compliance capabilities into an integrated solution, Symantec helps customers improve alignment between IT compliance and business risks. Control Compliance Suite lets customers implement end-to-end coverage of the IT compliance lifecycle strengthening its IT GRC practices – from defining appropriate policies based on regulatory mandates to assessing IT controls to remediating deficiencies and finally generating detailed reports.

"Pricewaterhouse Coopers understands the challenges executives face in managing IT risk," said PricewaterhouseCoopers' Advisory partner Chris O'Hara. "By applying our principles-based approach companies are realizing the benefits of integrated, risk-based and business-aligned IT risk management which enables global organizations to drive business performance, control risk and achieve compliance efficiencies. Utilizing technology to automate IT GRC processes helps organizations streamline processes, simplify reporting and reduce costs."

Symantec Control Compliance Suite offers flexible and scalable deployment options for the largest and most complex IT infrastructures in the world. It provides global coverage for regulatory content, frameworks and best-practice standards. The new version of Control Compliance Suite, expected to be available this fall, will support assessment of IT controls for the broadest range of IT platforms as well as risk assessment capabilities that enable quick identification and remediation of information assets at highest risk in the organization.

"We've found that organizations with mature IT GRC practices such as frequent auditing of their IT environment against company policies and standards often benefit from increased revenue, higher customer satisfaction, less data loss and lower compliance costs," said Francis deSouza, senior vice president of Information Foundation, Security & Compliance Management, Symantec.

As a new module of Control Compliance Suite 9.0, Symantec Security Information Manager 4.6 lets organizations collect, store and analyze log data as well as monitor, prioritize and respond to security incidents. As a result security teams can proactively monitor risk to their IT assets in real time and meet compliance requirements around incident response and log management. The Symantec Security Information Manager 4.6 module introduces support for multiple domains, addressing the needs of the largest enterprises and security service providers.

Control Compliance Suite is a key component of the Symantec Global Services Security Management Solution Portfolio. Symantec provides customers with the flexibility to choose how to manage their security and compliance environment by utilizing their own resources with Symantec products and Symantec Education Services for training, a combination of internal staff with Symantec consultants, or outsourced as a managed service to maximize resource utilization.

Relevant Links:
Licensing and Availability:

Control Compliance Suite 9.0 is scheduled to be available in the second half of 2008. Symantec Security Information Manager 4.6, which will be available as a module to Control Compliance Suite 9.0, is currently available and can be purchased directly or through Symantec's worldwide network of value-added authorized resellers, distributors and systems integrators. For more information on about these solutions, please visit the Symantec Control Compliance Suite solutions page.

About Symantec:

Symantec is a global leader in infrastructure software, enabling businesses and consumers to have confidence in a connected world. The company helps customers protect their infrastructure, information and interactions by delivering software and services that address risks to security, availability, compliance and performance. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at

Note to Editors: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.

Forward-looking Statements: Any forward-looking indication of plans for products is preliminary and all future release dates are tentative and are subject to change. Any future release of the product or planned modifications to product capability, functionality or feature are subject to ongoing evaluation by Symantec, and may or may not be implemented and should not be considered firm commitments by Symantec and should not be relied upon in making purchasing decisions.