Enterprise Compliance Assessments from VeriSign, Inc.

Enterprise Compliance Assessments



Achieve Compliance for Your Business
The Purpose: Identify compliance gaps. Assess policies and practices - not just systems. Help you prepare for and pass your audit. Tailor our recommendations to your business goals. Weigh benefits against costs.
Value to You: Recommendations that can protect business operations, assets, and reputation.
How We Work: Learn your goals and constraints. Determine where risk is highest. Identify applicable regulations and standards. Interview and review. Conduct hands on verification. Rank findings by your priorities. Provide cost benefit analyses.
The Results: A strategy, not just an assessment. Summaries for executives, thorough technical details for IT personnel. Pertinent facts tailored to the groups affected. Recommendations ranked by effectiveness to your business - standards based to give you confidence - vendor independent to give you freedom of choice. You come out smarter, not just compliant.
Why VeriSign: Our focus is consequences, not just risk. We help you stay competitive. Existing customers are 70 percent of our business. One of the first Visa Cardholder Information Security Program (CISP) compliance providers.
Learn More: To talk with us about security and your business, call 650-426-5310 or submit your inquiry online.
Read about VeriSign's Security Certification Program to find out how to reduce the number of separate security audits you have to go through each year.
Or, see the Global Security Consulting Services Overview.

The Purpose

An enterprise compliance assessment discovers where your organization fails to adhere to the guidelines that govern your industry.

Industries and Regulations

  • Public Companies: Sarbanes-Oxley Section 302 (Management Certification); Section 404 requirements to control access to financial systems (Management Assessment of Internal Controls); Section 409 (Real Time Disclosure)
  • Internet Merchants: VISA Cardholder Information Security Program (CISP); MasterCard Site Data Protection (SDP) program
  • Financial Institutions: Gramm-Leach-Bliley Act (GLBA); Basel II; Federal Financial Institutions Examinations Council (FFIEC)
  • Healthcare: HIPAA
  • Business with California Customers: California SB 1386
  • Energy and Utilities: NERC CyberSecurity Standard and Remote Access Guidelines
  • Life Sciences: FDA 21 CFR Part 11
  • Telecommunications: CALEA Compliance and Do-Not-Call Registry
  • International: Personal Information Protection and Electronic Documents Act (PIPEDA); EU Data Directive; UK Data Protection Act

To find out more about these regulations, see Compliance and Your Business.

To learn more about our experience in your industry, see Industries We Work With.

If you work for the federal or a state government, see Public Sector Compliance Services.

Include Policies and Practices 
We’re careful to assess gaps in your policies and practices—not just in your systems. We’ve discovered that almost all the problems we uncover aren’t just technical problems, they’re organizational problems.

Help You Pass Your Audit—Cost-Effectively and “Business-wise” 
Passing your audit is essential. But the solutions that enable you to achieve compliance also need to advance your business goals. They also need to fit your budget and the resources you have to implement them.

With that in mind, we analyze the information we collect to:

  • Help you define your compliance objectives
  • Identify the improvements you need to make to pass your audit
  • Recommend improvements that weigh benefits against cost
  • Tailor our recommendations to your business goals
  • Develop a strategy that evolves as regulations change

Ensure Your Compliance with Visa CISP and MasterCard SDP 
We offer the VeriSign Credit Card Data Security Compliance Service to help you comply with the cardholder information security measures and network security best practices required by Visa and MasterCard.

VeriSign is an authorized assessor and scanning provider for Visa’s Cardholder Information Security Program (CISP) and MasterCard’s Site Data Protection (SDP) program, and we comply with American Express Data Security Standards. Our assessments also keep you in compliance with any credit card association that recognizes the Payment Card Industry (PCI) standards.

We offer a range of credit card data security compliance assessments:

  • For large businesses, our team of certified security professionals conducts an on-site assessment.
  • For smaller businesses, we offer an online compliance program.

Learn about: Enterprise PCI Compliance Solutions

Value to You

The cost of non-compliance is high: fines for your company, jail sentences for company executives, loss of business, loss of government or public sector contracts, and loss of consumer confidence. Spotting and fixing compliance gaps before your audit keeps your company running smoothly and your reputation intact.

How We Work

  1. We learn your goals and constraints.

We meet with key personnel to understand:

      • Your business goals
      • The money and staff members you can devote to fixing compliance problems

  2. We determine where compliance is needed.

We meet with key members of your team to understand your security objective and the areas where you want us to focus our assessment.

  3. We identify essential regulations and standards.

To clarify your security objectives, we identify the government regulations and industry standards that are essential in your industry.

  4. We scrutinize your security, hands on and in depth.

We focus on these key areas:

Technical Security Assessments

      • Technical security controls
      • Physical and environmental controls
      • Vulnerability management
      • Virus protection
      • Information classification and management

Security Policy and Program Services

      • Security policies and practices
      • Risk management and governance
      • Personnel security controls
      • Security and privacy management
      • Security awareness and training

Incident Response and Forensics Services

      • Incident management

Disaster Recovery and Business Continuity Solutions

      • Disaster preparedness and business resumption plans

  5. We rank our recommendations by effectiveness and cost.

We rank our recommendations by how effectively they advance your business goals. We also rate each recommendation by its cost-effectiveness and by how easy it is to implement.

How Long It Takes 
An assessment can take as little as a month—if you’re a small company or we’re evaluating a discrete program. It can take as long as six months to evaluate your entire organization.    

The Results

A Strategy 
You get a strategy for improvement—not just a pass-or-fail audit. We identify what you need to do immediately and your targets for six months out. We map out a plan for one and two years out. We also help you track changes in your plan and assess its long-term effectiveness.

Tailored Communications 
We tailor our recommendations to speak clearly and effectively to the people they affect: your CISO, your legal counsel, your auditors, and your Finance, HR, and IT departments. We provide executive summaries for decision makers—and the specialized details that give your technical staff the information they need to fix the problems we uncover.

Tailored Recommendations Ranked by Cost and Effort 
We know everyone has a limited security budget. We identify the compliance improvements that are best for your business—and rank our recommendations accordingly. We help you prioritize your spending: we do a cost-benefit analysis of each recommendation and identify which are easiest and least expensive—and will produce the most effective results.

Industry-Standard and Vendor-Independent Recommendations 
Our recommendations are standards based to give you confidence that you’re benefiting from the most up-to-date thinking in the industry. Our recommendations are also vendor independent to give you the freedom to implement the solution that suits you best.

You Come Out Smarter, not just Stronger 
When we’re onsite performing services, we make a point of working with your staff to make sure they know everything we discover. We work to help them become a better security staff—and to build better security awareness into your organization’s culture.

Why VeriSign

Security isn’t just about security, it’s about your business. We focus not on vulnerabilities, but on their threat to your business. Read about Our Approach—the foundation of all our work.

We help you stay competitive—we use our knowledge and experience to benchmark your risk against your industry. Read Industries We Work With to learn more about our experience in your industry.

Seventy percent of our business comes from existing customers. We focus on our relationship with our customers. Our goal is to be your trusted security advisor. Read about Our Expertise.

We’re a security company with a consulting practice, not a consulting company with a security practice. Read about The Value of VeriSign.
