Product Information

Symantec Control Compliance Suite v11





Cost varies depending on a number of variables, including the size of the environment, and the number of assets, platforms and users

Quick Read

Strengths: Dynamic dashboards; pivot-based reporting; full integration between managers

Weaknesses: Licensing model; support is costly

Verdict: Well integrated, full-featured, all-encompassing GRC platform

Rating Breakdown

SC Lab Reviews

Reviews from our expert team

Value for Money:
Ease of Use:


Symantec Control Compliance Suite (CCS) automates key IT risk and compliance management tasks. It is an integrated solution comprising several different modules, including vulnerability, security, risk, policy, assessment and vendor risk management. Users can deploy a combination of these modules to meet business objectives.

The CCS risk approach includes a definition of a business asset that one wants to manage, understand the IT risk for this asset, prioritise remediation based on IT risk, and then monitor risk reduction over time.

Risk Manager is a new module that allows users to create a view of IT risk as it relates to a business asset - whether that is a business process, group or function. This piece provides the ability to define a virtual business asset that one can manage from an IT risk perspective. By grouping together all of the IT ingredients associated with one's virtual business asset, the user can manage the composite risk associated with it. Risk can then be determined from assessment-driven results and vulnerability information.

The Policy Manager helps one plan for internal and external audits using more than 150 customisable policy templates, all mapped to centralised controls. Policy lifecycle management and policy-attestation tracking are all built into the module.

The Assessment Manager delivers out-of-the-box content for multiple regulations, frameworks and best practices. Its content is based on an Oval model. Symantec also delivers content based on its own team.

Vulnerability Manager delivers end-to-end vulnerability assessment of web functions, databases, servers and other network devices.

Additionally, CCS natively gathers security configuration data from server, database and application platforms. Data can also be consumed from external asset systems, including Active Directory, Altiris and other configuration management databases. Third-party assessment data is ingested through External Data Integration and Connectors using comma-separated values, open database connectivity or web service connectivity. Advanced risk scoring allows users to differentiate between real and potential threats, ensuring the most critical and exploitable vulnerabilities are given priority when it comes to remediation efforts.

A dynamic dashboard and reporting are updated in this release - and are well done. Risk and compliance scores roll up neatly, and the ability to move right from reporting into remediation workflows, controls review and risk-scoring detail helps every level of user. The data framework and extensive controls library provide a normalised view of one's data, and the analytics capabilities deliver valuable information to the reports and dashboards. One can move right from graphical views directly into the pivot-based detail, making it simple to research or interrogate the information.

No base support is included with the product. There are basic and essential assistance options available for purchase at 23 and 28 per cent of the manufacturer's suggested retail price. Support options are accessible via phone, email or web.

Michael Lipinski

Reviews For This Vendor