Symantec has upgraded its Control Compliance Suite with the addition of new features to automate the assessment of procedural controls and gather and translate permissions for data access across the entire enterprise.
Scheduled to be available this month, Symantec Control Compliance Suite 8.5 combines policy management with technical and procedural control assessment, said Indy Chakrabarti, group product manager at Symantec, in an interview with eWEEK. The new product will help enterprises address the requirements of regulations such as Sarbanes-Oxley and the Payment Card Industry standards which mandate how companies secure, audit and manage data.
"There is a need to enforce those controls as well as to have products out there to enforce policy," he said.
But ensuring compliance means more than using software to audit and secure electronic data. It also includes manual processes such as creating, defining and distributing policies, tracking exceptions and managing standards and entitlements, Symantec officials said.
Enter the new version of CCS, which now automates the assessment of non-programmatic controls by providing out-of-the-box content for standards and frameworks. Users will be able to manage the manual assessment process from creating and distributing questionnaires to analyzing response data, company officials said.
In addition, the new version of CCS allows users to gather permissions for data access across the entire organization and electronically routing the information to high-ranking business officials for access approval. Entitlements approvals are tracked and made available for audit reports, Symantec officials said.
Research analyst Vivian Tero said the upgraded product can help cut the cost of compliance for enterprises.
"Organizations today are required to demonstrate compliance with the various industry regulations, mandates and standards," said Tero, senior research analyst at IDC. "Solutions like Symantec Control Compliance Suite help IT executives unify the assessment and management of both programmatic and procedural IT controls to effectively lower the administrative cost and complexity of corporate compliance programs."