Thales eSecurity News Release

Vormetric Announces the Addition of AOmega to Its Payment Card Industry (PCI) Partner Program

Vormetric Continues Momentum in Forming Partnerships With Companies Such as AOmega, an Information Security Consulting Firm, That Specializes in Helping Companies Comply With the PCI

SANTA CLARA, CA - July 24, 2006 - Vormetric, a leading provider of security solutions for protecting sensitive data from unauthorized access, today announced that AOmega, an information security consulting firm, joined its PCI partner program. AOmega performs quarterly PCI network security scans for Level 1, 2 and 3 merchants and service providers, Annual Self Assessments for Level 2 and 3 merchants and service providers and detailed PCI remediation services ranging from firewalls to mitigating insider threats.

The PCI DSS (Payment Card Industry Data Security Standard) is a compliance initiative agreed upon by the payment card industry (Visa USA, MasterCard International, Amex and Discover) that requires best-practice security standards for merchants and service providers that handle payment card information. The standards require on-site audits, self-administered audits, and network scanning by merchants and service providers on various levels according to the volume of transactions each facilitates.

Vormetric's PCI Partner Program is managed and supported by a seasoned team of proven channel business leaders, including Vormetric's Director of Industry Marketing, Heather Mark, PhD, CISSP, who have built and managed highly successful PCI programs in the past. This team created the program with its partners' needs as the driving force.

AOmega has a large amount of expertise in IT Security and the PCI DSS. Their PCI service offerings include:

Quarterly Network Security Scans: Level 1, 2 and 3 merchants are responsible for ensuring that a quarterly network scan is performed on their Internet-facing perimeter systems by a qualified independent scan vendor. The Quarterly Network Security Service is optional, but highly recommended for Level 4 merchants. This service will assist merchants and service providers remediate vulnerabilities that a scan turns up.

Annual PCI Self-Assessment Questionnaires: These are to be completed by Level 2 and 3 merchants and service providers is validated and, if desired, can be conducted by AOmega (recommended). The Questionnaire addresses all system(s) and/or system component(s) involved in processing, storing, or transmitting cardholder data. Level 4 merchants are not required, but strongly recommended, to complete the Questionnaire.

PCI Remediation Services: AOmega can provide merchants or service providers to help them attain PCI compliance -- from developing customized IT Security Policies and Procedures to address all aspects of the PCI standard and other internal standards (i.e., ISO 17799), to firewall policy reviews and reconfiguration to a wide range of other security items.

Mark De Lira, AOmega's Vice-President of Sales & Marketing, said, "Our extensive security expertise combined with our PCI knowledge and experience allows us to deliver enterprise-class security services for our clients. Vormetric's approach to encryption, access control, auditing, and host integrity helps us provide an even more solid offering and solution set to customers with PCI compliance needs in these areas."

"Vormetric's partner program gives PCI qualified companies like AOmega preferred access to Vormetric's customer-proven data security products, expertise, training, and support," said Dr. Heather Mark, Director Industry Marketing. "Credit card merchants, acquirers, and service providers benefit by knowing that their security consultant has knowledge and special access to a proven, cost-effective alternative to address their unique PCI data protection and encryption needs."

Vormetric's PCI Partner program offers two distinct categories of membership: Referral and Reseller. The program is available to solution providers in North America and Europe. Interested partners should email pci@vormetric.com for more information.

About Vormetric

Vormetric is the leader in data security management and enforcement solutions. Vormetric Data Security provides a centrally managed, high performance, easy-toimplement, distributed solution that solves the pressing compliance, security and risk management challenges facing today’s enterprises and government agencies. Vormetric’s application- and database-transparent solution outperforms other offerings to provide stronger and broader data security at a fraction of the management and implementation cost.

Vormetric’s more than 230 customers represent the world’s most trusted brands in financial services, retail, manufacturing, healthcare, media, energy and telecom industries as well as highly security conscious government agencies.

Vormetric technology has received strong market validation for its innovative approach to data security, including:

  • Selection by IBM as the core database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows
  • Computerworld Technology Innovation Award
  • Selection by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option
  • Partnership with Oracle to secure the execution environment for Oracle® Database Vault
  • Five patents issued and nine patents pending

Vormetric is a trademark of Vormetric, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.