SOURCE: VeriSign, Inc.

VeriSign, Inc.

March 03, 2009 09:00 ET

VeriSign Enterprise Security Services Announces Launch of Certification Services for HITRUST Common Security Framework

Provides Healthcare Companies With First Step in Certification of New Standardized Approach to Electronic Health Information Protection

MOUNTAIN VIEW, CA--(Marketwire - March 3, 2009) - VeriSign (NASDAQ: VRSN) Enterprise Security Services today announced the launch of certification services for healthcare organizations looking to take the first step with the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF). HITRUST is an industry collaboration established to change the way sensitive health information is protected and meet growing regulatory compliance demands. VeriSign certification services provide a focused review of organizations' information security program and target environment based upon the objectives and controls established within the CSF.

The HITRUST CSF, which was unveiled yesterday at a HITRUST 2009 launch event in San Francisco, addresses the need for a more consistent and cost effective approach to protecting and exchanging health information and electronic health records. It was developed specifically for healthcare information and provides prescriptive managerial, technological and physical controls scalable to the size of the organization being assessed, as well as an assessment methodology for evaluating the existence of controls against the business and partner requirements as well as federal and state regulations.

"The launch of the CSF accomplishes the critical task of establishing a standard framework for healthcare information security and exchange," said Todd Waskelis, vice president of VeriSign Global Security Consulting. "VeriSign is honored to play an active role in its development and looks forward to supporting the healthcare industry's adoption of this important security framework."

HITRUST collaborated with leaders of the healthcare industry and professional services firms, as well as technology organizations, to create the HITRUST CSF. VeriSign was an early leader in the development effort, contributing to the framework content, the industry review of the framework, and the development of the underlying assessment methodology. The CSF cross-references and enhances industry best practices derived from existing standards and regulations.

"Leaders from across the healthcare industry have stepped up to collaborate with HITRUST on the Common Security Framework, marking an important milestone in the greater protection of health information," said Daniel Nutkis, CEO of HITRUST. "VeriSign consultants played a key role in the development of the CSF and continue to deliver great value to HITRUST through their information security expertise, experience and services."

VeriSign's services for certification of the HITRUST CSF begin with a readiness assessment to evaluate the scope of the certification requirements and determine gaps in the organization's existing security program that would prevent attainment of the HITRUST Certification. VeriSign can then help address these gaps through remediation services including policy, standards and procedures development and program development in the areas of Risk Management, Security Governance, Asset Management, Network Monitoring and Management, SDLC, Incident Response and Management, and Business Continuity Management. Finally, VeriSign will be accredited to perform HITRUST Certification assessment in accordance with the guidance set forth by HITRUST using the CSF as the assessment baseline.

VeriSign consultants are all certified security professionals averaging more than 12 years of experience. They perform hundreds of assessments annually and assist organizations in all sectors and vertical markets worldwide in the implementation of effective information security management practices.

For more information about VeriSign's HITRUST CSF Certification Services, visit http://entsecurity.verisign.com/global_security_consulting/hitrust_certification_services or call 650-426-5310.

About VeriSign Enterprise Security Services

VeriSign Enterprise Security Services is a division of VeriSign, the trusted provider of Internet infrastructure services for the networked world. Through this business unit, VeriSign provides a suite of security services for IT professionals seeking a balance between escalating information security demands and resource availability. The Enterprise Security Services suite includes Managed Security Services, iDefense Security Intelligence Services, and Global Security Consulting. This flexible portfolio of services make use of the most current, real world intelligence, experience and technology to deliver proven solutions that address the growing issues of cost, complexity and compliance that challenge IT security professionals.

Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934. These statements involve risks and uncertainties that could cause VeriSign's actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, the uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results due to such factors as the inability of VeriSign to successfully develop and market new products and services and customer acceptance of any new products or services; the possibility that VeriSign's announced new services may not result in additional customers, profits or revenues; and increased competition and pricing pressures. More information about potential factors that could affect the company's business and financial results is included in VeriSign's filings with the Securities and Exchange Commission, including in the company's Annual Report on Form 10-K for the year ended December 31, 2008 and quarterly reports on Form 10-Q. VeriSign undertakes no obligation to update any of the forward-looking statements after the date of this press release.

Contact Information