Compliance – The foundation of IT Security

Compliance. Gartner describes it as ‘The process of adhering to policies and decisions’.

In terms of Regulatory Compliance, Gartner defines this as being ‘concerned with the laws that a business must obey, or risk legal sanctions…’

Businesses are required to comply with specific regulations on a daily basis. Never has there been more noise (qualified and otherwise) about regulation than with the upcoming enforcement of the EU’s General Data Protection Regulation (GDPR).

For an organisation to make a successful transition into compliance, the implications of compliance need to be understood first. A foundation needs to be established, and the process of becoming compliant should grow from there.

As so many businesses can testify, compliance does not come with a one-size-fits-all solution. Understanding this is critical when selecting and committing to a solution. Minimising the number of solutions in use is equally important in order to retain centralised management and consistency.

The ability to simply report on compliance is often mistaken for the core requirement of a compliance solution. In reality, the solution should cover the whole compliance cycle, from assessment through remediation to reporting, and it should overarch and ring-fence your entire IT infrastructure, providing end-to-end compliance. This is true regardless of the area of focus: governing data, securing data, system compliance or otherwise.

Furthermore, compliance is not a box-ticking exercise. Although it is important to be prepared for the DPO or legal team, a strong culture of compliance and adherence to policy will bring efficiencies far beyond a successful audit.

Symantec is a long-standing centre of excellence in IT security. With this expertise comes a deep understanding of how security solutions, processes and policies interact.

Over the past number of years, Symantec has been refining its Control Compliance Suite (CCS) solution for exactly this need. With a modern, simplified GUI, the recent release of CCS 12.0 gives organisations the means to identify their security gaps and vulnerabilities and maintain a continuous level of compliance across the environment. Simply put: Assess. Remediate. Comply.

With Control Compliance Suite 12.0, businesses have centralised control over the following:

  • Security assessment of technical controls
  • Security assessment of procedural controls
  • Security policy lifecycle management
  • Context-aware vulnerability assessment and risk analysis
  • The ability to calculate and aggregate risk scores for remediation and risk reduction

Control Compliance Suite also integrates with other Symantec solutions, such as DLP (Data Loss Prevention) for identification of PII, and IT Management Suite and DCS (Data Center Security) to assist with remediating and securing assets. CCS can also ingest data from third-party solutions as required.

So, what about GDPR…?

*Articles 5 and 32 of the GDPR require organisations to be able to demonstrate compliance with the principles of the Regulation (Article 5(2)) and to regularly test, assess and evaluate the effectiveness of their technical and organisational security measures (Article 32(1)(d)).

In this context, CCS can assist in two stages:

1) Readiness Assessment

Symantec CCS GDPR Readiness Assessment content will help organizations to evaluate their level of understanding of the Regulation, and estimate their current readiness on the path towards compliance with the GDPR. The overall outcome of this assessment will help organizations gauge how far they are from meeting certain important requirements of the GDPR. Based on the results of the assessment, action plans can be put in place. The assessment can be launched multiple times to see the progression.

2) Ongoing compliance automation

The ultimate goal of Symantec Control Compliance Suite is to help organizations implement a cost-effective, holistic approach to procedural compliance automation, monitoring and tracking progress, leveraging the CCS modules below:

Symantec CCS Policy Manager: automates policy definition and policy life cycle management. Customers use Policy Manager to identify common controls across multiple mandates, update the content and technical standards updates on a regular basis, and manage the lifecycle of security policies, standards, and controls.

Symantec CCS Assessment Manager: used to collect response to both readiness and full GDPR content questionnaires. Customers use these to assess the effectiveness of procedural security controls in the data center, to evaluate overall employee security awareness, and to support security awareness training.

Symantec CCS Standards Manager: used to collect technical evidence of the data security enforcement. Organizations employ Standards Manager to discover and identify rogue and misconfigured assets, detect configuration drifts, and evaluate if systems are secured, configured, and patched according to the customer’s security standards.

*This section is taken from the official Symantec Solution Overview: IT Risk and Compliance. You can view the complete overview document here.

If you feel that these solutions might assist with your GDPR or compliance journey, please contact ciaran.hayes@cmsdistribution.com for further details.
