Information Protection and Privacy
Protecting Company Resources
At Symantec, protecting our own network and operations is a high priority. We have company-wide information security training to educate employees on the newest information. In fact, our internal protection team works closely with the Symantec Managed Security Services team to apply the same technologies and services internally that we offer to our enterprise customers, including firewall monitoring and endpoint protection. This strategy has improved our own network security, and provides our services team with feedback that leads to the development of improved services for our customers.
Our internal protection team has also built strong relationships with law enforcement agencies, customers, and other threat response organizations.
Protecting our customers' and employees' privacy is a top priority and long-term investment in trust for Symantec. Our Privacy Program Office, which is part of our department of Legal and Public Affairs, addresses these issues by supporting management in setting a comprehensive and cohesive vision for privacy; providing legal support on privacy matters; and growing and maintaining the capabilities of the business to support privacy compliance.
To further advance this last priority, our executives have appointed managers of key organizations across the company as Privacy Champions responsible for ensuring commitment to and engagement with the Privacy Program.
To ensure that every employee at Symantec and its subsidiaries worldwide understands how we use and protect personal information, we developed principle-based privacy policies. They outline the principles Symantec follows when collecting, using, disclosing, and retaining the personal information of Symantec’s employees, customers, suppliers, and business associates. All employees worldwide are required to attend a mandatory privacy training, which is also part of the curriculum for new hires.
In order to verify adherence to our high standards in this area, we are working with an internal audit team on implementing international privacy audits, which examine whether selected environments and procedures align with our policy. This work is helping us move toward earning Safe Harbor certification, a standard built on seven principles for ensuring privacy, transparency, and informed consent for users of information systems and products.
We are also evolving beyond strict compliance with privacy regulations toward a model of data stewardship and Privacy by Design. Privacy by Design incorporates privacy practices into each of the business processes that touch personal data. It also applies principles that protect privacy from the beginning of the product design process.
We work to assure that all Symantec software functions in its intended manner and is secure. Our extensive software assurance mechanisms are designed to prevent exploitable vulnerabilities, inspire confidence that our software functions as intended, and ensure that it conforms to requirements, standards, and procedures. Some of the security processes we employ include:
- The Chief Information Security Officer and Information Security Department assure the security of our networks and the computer systems used to develop products. This oversight ensures that only authorized personnel have access to Symantec’s resources, which helps prevent product tampering.
- The Physical Security Department assures that all facilities are protected from encroachment. Source code repositories and development labs are under a Restricted Access Area Management plan that prescribes even higher levels of security for these sensitive areas.
- The Crypto Review Board oversees the use of cryptographic algorithms and keys for all Symantec products to assure that customer data is safe and secure when in transmission, memory, or storage.
- The Open Source Review Board assures that the use of open source components in Symantec’s products is both secure and compliant with all appropriate laws and licenses.
- The Product Security Department performs static code analysis and dynamic penetration testing to assure that vulnerabilities in Symantec products are identified and corrected as quickly as possible. This department also provides training to all of Symantec’s product development personnel in techniques for designing and programming secure, defect-free products.