Thales eSecurity News Release

Vormetric and TruComply Partner to Offer Free PCI Information Service

SANTA CLARA, CA - August 8, 2006 - Vormetric, a leading provider of security solutions for protecting sensitive data from unauthorized access, today announced that it is launching a free PCI information Service with TruComply, a security consulting company specializing in PCI Compliance initiatives. This free service will provide a combination of quarterly newsletters, blogs by leading PCI experts, and PCI-related news and all that is needed to view is a quick registration.

The PCI DSS (Payment Card Industry Data Security Standard) is a compliance initiative agreed upon by the payment card industry (Visa USA, MasterCard International, Amex and Discover) that imposes security requirements for merchants, service providers, and banks that handle payment card information. The standard also requires on-site audits, self-administered audits, and network scanning by merchants and service providers based on the volume of transactions each facilitates.

TruComply is comprised of PCI DSS and Visa CISP veterans such as John Shaughnessy, who created and managed the Visa CISP program and PCI standards as Visa's Senior Vice President, Risk Management and Fraud Control; Chris Noell, a former payments security practice leader for a leading assessor; Mike Dahn, who has contributed towards methodology and standards for Visa CISP/PCI, Payment Application Best Practices (PABP), and helped develop the Discover Information Security and Compliance (DISC) program; and D.J. Vogel, who has managed scanning and forensics practices for leading assessors.

According to TruComply, most security vendors focus on helping organizations comply with the mandatory validation requirements associated with PCI (e.g. on-site audit, quarterly perimeter scanning). However, the more fundamental challenge that organizations have is identifying how they 'process, transmit, and store' cardholder data, determining whether this is done in a secure and compliant fashion, documenting their security controls, and if out-of-compliance, determining whether effective compensating controls are in place or can be implemented. Organizations must ensure that they maintain control effectiveness throughout the year, since even a brief lapse can result in a compromise and potential liability under PCI as well as state and federal law.

"Our knowledge and experience within PCI allows us to provide highly effective security solutions for our clients. We provide assistance through a combination of on-demand access to payments security experts and a web-based portal that offers detailed information on compliance requirements, risk assessment and program planning templates and more," said Chris Noell, President, TruComply. "By partnering with Vormetric, we can help make sure our clients are fully aware of the important data encryption, access control, auditing, and host integrity requirements in the PCI and ultimately help our clients effectively mitigate risk and achieve compliance. We are excited to launch a service with a market leader such as Vormetric."

TruComply has a tremendous amount of experience and influence in the PCI and Visa CISP directives, said Dr. Heather Mark, Vormetric's Director of Industry Marketing. "By partnering with TruComply, we are able to offer a free service to the payments community that offers useful updates and news about all the PCI requirements, in addition to those covered by Vormetric's encryption, access control, auditing, and host integrity solutions address."

About Vormetric

Vormetric is the leader in data security management and enforcement solutions. Vormetric Data Security provides a centrally managed, high performance, easy-toimplement, distributed solution that solves the pressing compliance, security and risk management challenges facing today’s enterprises and government agencies. Vormetric’s application- and database-transparent solution outperforms other offerings to provide stronger and broader data security at a fraction of the management and implementation cost.

Vormetric’s more than 230 customers represent the world’s most trusted brands in financial services, retail, manufacturing, healthcare, media, energy and telecom industries as well as highly security conscious government agencies.

Vormetric technology has received strong market validation for its innovative approach to data security, including:

  • Selection by IBM as the core database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows
  • Computerworld Technology Innovation Award
  • Selection by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option
  • Partnership with Oracle to secure the execution environment for Oracle® Database Vault
  • Five patents issued and nine patents pending

Vormetric is a trademark of Vormetric, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.