VeriSign Introduces the VeriSign(R) Security Certification Program to Help Enterprises Meet Strict Regulatory and Business Security Compliance Requirements

Tuesday, June 28, 2005
WASHINGTON -- VeriSign introduced the VeriSign(R) Security Certification Program. The program is designed both to assess an enterprise's information security program and to certify that it meets VeriSign's requirements, which are based on best practices drawn largely from a variety of international regulatory and industry compliance requirements. The certification can also be performed at a business unit, infrastructure or application level.

With more businesses opening their networks to customers, partners, suppliers and remote employees, the potential for theft of sensitive information is increasing. As a result, many governments and industry associations are enacting legislation and requirements that compel enterprises to secure their networks and maintain the integrity of stored information. Key compliance standards and regulatory drivers include: Sarbanes-Oxley, Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley (GLBA), British Standard 7799/ISO 17799 for Information Security and the Payment Card Industry (PCI) Data Security Standards. An enterprise's failure to meet these requirements can result in increased audits, penalties, transaction costs and lower revenues.

Through the VeriSign Security Certification Program, VeriSign's Global Security Consulting team utilizes the experience gained from the hundreds of compliance audits it performs annually. By implementing a single-service approach to assess the integrity of a network environment, enterprises can keep pace with these standards and regulatory requirements. Certification by VeriSign provides a vehicle for companies to communicate to third parties that their information security program follows best practices. Additionally, given that those best practices are based largely on regulatory and industry compliance requirements, the assessment data can be used during the performance of other audits to reduce cost and complexity.

The program consists of two parts:

-- Assessment: Enterprises undergo detailed assessments of their business, network and data flows, performed through document reviews, interviews and technical analysis. The assessment includes a comprehensive report of the findings, a gap analysis for activities required to meet certification, and a standalone database that allows granular access to the results.

-- Certification: Enterprises are certified for one year upon achieving compliance with the program, renewable annually. Deliverables include a one-page certification letter, indicating that their program complies with VeriSign's standards for best practices, that can be shared with regulators, business partners, industry associates and other third parties, and access to certification documents to generate reports detailing the assessment data associated with each regulatory and industry standard.

The program is one of a range of VeriSign services that help customers address compliance issues.

www.verisign.com/dm/security-certification-program

