Thales News Release

Vormetric And Fortrex Technologies To Help Organizations Meet HITECH Act And PCI DSS Requirements

July 13, 2011

HITRUST Assessor and PCI QSAC Joins Forces with Leader in Enterprise Encryption to Provide Regulation Specific Data Security Solutions

SAN JOSE, Calif. – July 13, 2011 – Vormetric, Inc., the leader in enterprise systems encryption and key management, and Fortrex Technologies, Inc., a market leader in IT Security, Operational Risk, and Compliance, today announced a strategic partnership to address the needs of organizations facing regulatory compliance data protection requirements. Together the companies will deliver information security solutions that help organizations meet the requirements of the HITECH Act and the Payment Card Industry (PCI) Data Security Standard (DSS). Fortrex, a certified assessor for the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF) and PCI DSS Qualified Security Assessor (QSA) Company, will offer Vormetric Data Security to address the broad set of data protection needs demanded by today’s heightened threats and regulatory environment.

The Health Information Technology for Economic and Clinical Health (HITECH) Act was introduced in 2009 to promote the adoption and meaningful use of health information technology. As part of this effort, the HITECH Act strengthens HIPAA security enforcement and requires nationwide data breach disclosure for unprotected health data. The PCI Security Standards Council offers robust and comprehensive standards and supporting materials to enhance payment card data security. The keystone is the PCI Data Security Standard (PCI DSS), which provides an actionable framework for developing a robust payment card data security process -- including prevention, detection and appropriate reaction to security incidents.

HITRUST and PCI DSS Assessments

As a certified assessor for the HITRUST CSF and a PCI DSS QSA company, Fortrex provides security control evaluations for healthcare organizations, Service Providers, and Merchants. Fortrex also offers guidance on how to implement CSF guidelines and PCI DSS requirements, including encryption. Working with Vormetric, Fortrex will provide customized solutions designed to secure data from unauthorized access, meet regulatory requirements, and prevent breaches that can result in fines and impact customer loyalty. Encrypting personally identifiable data also provides safe harbor protection against having to notify customers if a security breach occurs.

“Encryption is a critical component within a strong information security program, so we wanted to partner with a technology and market leader that could help us to deliver comprehensive solutions,” said Chris Konrad, senior vice president of client services for Fortrex. “We chose Vormetric because they integrate access control, encryption and auditing in a single manageable system that provides complete, cost effective, scalable data security, which has been proven in very large enterprise deployments.”

Customized Encryption Solutions

Vormetric Data Security enables enterprises to implement strong encryption to protect structured and unstructured data where ever it resides. Vormetric is completely transparent to applications and databases, so no modifications to the IT infrastructure are required. Vormetric also provides centralized, secure key management and strong separation of duties which protects against unauthorized data access by administrators. Vormetric supports all leading databases, including IBM DB2, Microsoft SQL Server, Oracle, Informix, MySQL and others as well as unstructured data stores on a variety of Linux, Unix and Windows Platforms.

“Meeting HITECH, HIPAA, and PCI DSS information security requirements is a complex process that requires very specialized domain expertise,” said Bruce Johnson, vice president of worldwide sales and service operations for Vormetric. “Fortrex Technologies has the knowledge, experience and track record to earn the trust of organizations that need help navigating the maze of healthcare and payment card regulatory requirements. Together, Vormetric and Fortrex have a complete solution to identify, assess and remediate threats to sensitive data.”

About Fortrex Technologies

Since 1997, Fortrex Technologies has served as a trusted security and risk management advisor to its clients throughout the world. Fortrex focuses exclusively on IT security, operational risk and regulatory compliance and helps organizations throughout the world identify, assess, remediate and manage their operational risks through consulting, audit, vendor management and human capital assistance. By providing expert technical assessments, Fortrex ensures the confidentiality, integrity, and availability of data and systems through world-class, enterprisewide information security services and solutions. Powered by a team of security and risk management experts and the industry's leading technology, Fortrex's in-depth risk assessments and solutions ensure that its client's information assets remain safe and secure. For more information visit

About Vormetric

Vormetric is the leader in enterprise system encryption. The Vormetric Data Security product line provides a single, manageable and scalable solution to encrypt any file, any database, any application, anywhere it resides— without sacrificing application performance or creating key management complexity. Some of the largest and most security conscious organizations and government agencies in the world, including 7 of the Fortune 20, have standardized on Vormetric to provide strong, easily manageable data security. Vormetric technology has been selected by IBM as the only database encryption solution for DB2 and Informix on LinuxTM, Unix® and Windows; by Symantec to provide the Symantec Veritas NetBackupTM Media Server Encryption Option; and by Oracle to secure the execution environment for Oracle® Database Vault. For more information visit,

Editorial Contact:

Marc Gendron
Marc Gendron PR

Vormetric is a trademark of Vormetric, Inc. All other names mentioned are trademarks, registered trademarks or service marks of their respective owners.