Customer Assurance Portal

Access to information and resources about Symantec’s information security policies, standards and assurance programs over the protection of customer data.

Security Program Summaries

Symantec's Global Security Office

Committed to protecting our customers and their data

Protecting your most valuable assets is at the heart of our business, and Symantec remains vigilant about safeguarding your data and the privacy of the individuals it represents.

  • Data and its protection are at the center of everything we do: Our business is built on security, compliance, and accountability, enabling us to protect our customers’ most valuable assets.
  • We support the European Union’s General Data Protection Regulation (GDPR) and the safeguarding of privacy rights.
  • Privacy is a fundamental human right and protecting personal data—whether our own, our customers’, or our partners’—is part of our commitment to corporate responsibility.
Global Certification Management

Customer Security Assurance

The Customer Security Assurance team plays a key role in supporting Symantec's customer due diligence needs during the sales process, and thereafter ensuring customers are provided with sufficient insight into Symantec's information security policies, practices and product assurances. This team within the Global Security Office (GSO) coordinates with Sales, Legal and the Product teams to respond to customers’ information security assessment questionnaires or providing product assurance documentation (e.g., ISO 27001 certifications, SOC audit reports, evidence of penetration testing or vulnerability scanning results).

Security Certifications

Privacy Statement

Symantec's Privacy Statement describes the types of information we collect via Symantec’s web sites, how we may use that information and with whom we may share it. Our Privacy Statement describes the measures we take to protect the security of the information. We also tell you how you may contact us to update your information, remove your name from our mailing lists or get answers to questions you may have about our privacy practices at Symantec.

Information Security Policies and Standards

Symantec’s Information Security policies and standards are aligned to industry standards, e.g., CSA, NIST, ISO/IEC 27001, SOC 2 and PCI. These policies and standards are reviewed and updated (as necessary) on an annual basis. The following information security domains are covered by Symantec’s Information Security policies and standards and can be accessed from the Customer Assurance Portal:

  • Risk Management and Compliance
  • Security Training and Awareness
  • Personnel Security
  • Data Classification and Protection
  • Encryption and Key Management
  • Security Incident Management and Response
  • Supply Chain Risk Management
  • Logical Access Control
  • Workplace & Datacenter Security
  • Endpoint Security
  • Architecture & Cloud Security
  • Change Management
  • Asset Management
  • Product Development & Operations Security
  • Business Resiliency & Disaster Recovery
  • Data Backup & Recovery
  • Acceptable Use & Media Handling
  • Vulnerability & Patch Management
  • Security Monitoring

Product Assurance and Compliance

Symantec’s Global Security Office is driving a comprehensive assurance program to proactively meet the requirements of our customers in the dynamic landscape of the security industry. We actively promote awareness of global certification best practices and provide overarching guidance and support to our product teams to obtain and maintain Symantec product certifications. In addition, we offer a library of resources including ISO 27001 certifications, SOC audit reports, evidence of penetration testing and standardized questionnaire. These resource are available in the Customer Assurance Portal.

Voluntary Product Accessibility Templates

Symantec is committed to developing technology solutions that are accessible to persons of all abilities. To that end, we utilize the Voluntary Product Accessibility Template (VPAT™), developed by the Information Technology Industry Council, to assist government contracting officials and other buyers in making assessments of the accessibility features of our products and services.

Release of a VPAT, however, does not constitute a certification by Symantec that procurement of any electronic and information technology would comply with the requirements of Section 508 of the Rehabilitation Act of 1973 (29 U.S.C. § 794 (d)).

For additional information regarding Symantec’s VPAT program, please contact us.

Symantec Critical System Protection

Symantec Data Center Security

Symantec Encryption (PGP)

Symantec Endpoint Protection