(888) 208-0020 prs@auaus.net

AT&T Consulting
AT&T SureSealSM Security Certified Program

With increasing pressure from the government and industry to meet constantly evolving security requirements, enterprises must
assure partners, suppliers and customers that they are in compliance. Failure to meet such requirements may result in increased audits, penalties, and transaction costs, as well as the loss of business and potentially lower revenues. As a result, enterprises are forced to
dedicate significant time, money and personnel to security audit and reporting processes.
When addressing individual regulatory requirements, enterprises are discovering a new challenge: the need for an over-arching program of security improvement and compliance. The need for a programmatic and holistic approach to security, which aligns the business and security needs of the
organization, forms a foundation for addressing compliance requirements.
The AT&T SureSealSM Security Certified Program helps customers address this growing need.
SureSeal is based on our experiences and observations that, while there are many standards and laws to which companies must comply, there has been no program to address compliance requirements and IT components holistically. SureSeal customers have found that such an approach can help to reduce compliance costs and streamline regulatory efforts.
AT&T has long been a pioneer in the development of security services and capabilities, with AT&T Labs and AT&T’s security organization working closely together to provide industry leading enterprise services and technology.

Overview
The AT&T SureSeal Security Certified Program is designed to assess an enterprise’s information security program (or critical business components or applications) and certify that it meets industry standards. The certification is earned by implementing and operating a proactive program of security improvement. In turn, it provides trust and assurance for companies that are required
to communicate their security practices to third parties and government regulators. The program reduces the complexity and expense of multiple audits.

Program Description
Completion of the AT&T SureSeal Security Certified Program requires compliance with open and published standards taken directly from regulatory requirements and industry standards. These standards are generally accepted in the industry, and AT&T openly shares the standards and assessment techniques with customers.

Dynamic, Flexible Approach
Certifying the entire enterprise, especially in the case of larger customers, may not be cost effective. For this reason, the flexibility of the SureSeal Program means that AT&T Consulting can certify application infrastructures, hosting environments, and business units. In each case, AT&T Consulting performs an extensive review of people, processes and technology, evaluating the interdependencies between an application or business unit and the overall enterprise security program.

Product Brief – AT&T Consulting 2

Requirements for satisfying these standards can be assessed using a common set
of assessment procedures, at business- appropriate levels of detail. A single set of procedures translates into less time,
effort and costs for compliance audits and assessments. In addition, this approach readily allows for the incorporation of new standards into the assessments. AT&T
Consulting believes this is critical given the rapidly changing state of regulatory and industry expectations.
By achieving certification, you will benefit from association with the AT&T Consulting SureSeal Security Certified brand. Once certified, you can generate reports for auditors, regulators and other parties requesting information about your company’s security compliance status. You will have access to the full Certification Assessment Report, which details all regulations and standards that are evaluated, along with all findings.
The SureSeal Program provides many other benefits; such as detailed recommendations that help you improve even the most robust information security program. Your practices and processes will be evaluated by top security professionals with state-of- the-art knowledge of the security industry and technologies. If we recognize areas for
improvement during the security assessment, we will provide detailed, documented feedback as well as guidelines to help you pursue the remediation strategy that best suits your organization.

Features
The AT&T Sure Seal Security Certification process includes two key phases:
• Assessment
• Certification

Assessment
The assessment phase consists of a detailed analysis of your business, networks and data flow. Typically, this phase lasts three
to six months and is performed through documentation reviews, interviews and technical analysis.

Certification
Once you have successfully achieved compliance with the selected standards, you are certified for a period of one year, renewable annually.
The advantages of certification include:
• A one-page certification letter that can be shared with regulators, business partners, industry associates and other third parties.
• Access to certification documentation to generate reports in the required
format for auditors, regulators and others in response to requests for security compliance information.
• An AT&T SureSeal Security Certified plaque for display and recognizing your achievement in information security as well as use of the SureSeal logo.

Benefits
Streamlined Certification
An open and standards-based certification process encompasses security requirements from a variety of sources.

Reduced Cost and Complexity
The AT&T Consulting SureSeal Security Certification Program satisfies multiple audit and regulatory requirements through a single service.

Documentation
AT&T Consulting provides access to supporting documentation for auditors, regulators and other third-party requestors. In addition, AT&T Consulting provides a certification letter so you can communicate security certification status to customers, partners and suppliers.

One-Stop Vendor
Since the late 1800s, AT&T has been held to the high standards for security and risk management. Bringing over a century of this expertise to our customers is the AT&T Consulting mission. AT&T manages its own risk portfolio with care and integrity, and is
proud to bring our expertise to help address our customers’ security challenges.

Security Solutions: Expertise from a Trusted Provider
AT&T provides a unique and world-class portfolio of assessment, compliance and related security services.
Our experience, expertise and commitment to open standards have established us as a strategic and trusted advisor. By leveraging AT&T, you can expect best-in-breed solutions, a global network of proven technology and a cost-effective, program-based approach to meet your security and compliance needs.

06/01/10 AB-1906
© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.