Thursday, July 23, 2009

VeriSign Global Security Consulting Launches Service for FTC Mandated Assessments

VeriSign, Inc. (NASDAQ: VRSN) Global Security Consulting today announced the availability of a new service to support assessments against the United States Federal Trade Commission (FTC) consent orders. Over the last few years, there have been several data breaches in the news resulting in the FTC requiring comprehensive security assessments for organizations that fail to take reasonable care in securing consumer data. Generally, the resultant FTC consent order requires affected firms to engage independent third party assessors to perform security assessments of existing programs intended to safeguard personal information collected about consumers, on an initial and biennial basis for a specified period.

VeriSign is able to certify the Order recipient's security program is operating within the requirements of an Order. VeriSign consultants also hold the requisite security certifications specified by the FTC.

"Companies that hold consumer data need to take a close, critical look at their information security programs in light of the regulatory compliance landscape," said Todd Waskelis, Vice President of VeriSign Global Security Consulting. "Our proven methodology for assessing compliance plus the incorporation of recognized standards of good practice is what sets VeriSign apart in this salient service offering."

The VeriSign® FTC Security Program Assessment utilizes a multi-step process covering discovery, review, and analysis to provide a report for the FTC, in accordance with the consent order.

VeriSign has developed an approach to performing this assessment which uses a selection of controls/safeguards grounded in the language of the FTC order, and further informed by ISO27001 and 16 CFR 314, Standards for Safeguarding Customer Information promulgated under the Gramm Leach Bliley Act (GLBA), as the baseline in evaluating the security program. It also combines in-depth knowledge and use of Information Security Standards of Good Practice (SOGP), applicable regulatory requirements, VeriSign's experience in providing assessments of similar organizations and its understanding of information security management practices within the industry.

VeriSign has extensive experience dealing with organizations that have to comply with more than one regulation, which is essential to streamlining efforts and reducing costs while still taking an industry standard approach to security assessment.

To learn more about the VeriSign FTC Security Program Assessment, visit

About VeriSign

VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at

No comments: