The UK's original eco-conscious retailer, Anita Roddick's The Body
Shop, has turned to LogLogic to help its 2,500 stores in more than 60
countries comply with the Payment Card Industry's Data Security
Standard (PCI:DSS).
PCI:DSS requires organisations that accept card-based sales to
protect the information on the cards against theft and fraud. Part
of the 12-step standard is to track all security events on systems
that handle, process and store credit card information.
"PCI sets standards which, from a security perspective, make
common sense," said Jon Granville, director of global e-commerce
& IT for The Body Shop. "We should be able to demonstrate that
we are secure - compliance mandates or not."
The initial implementation was planned for the company's North
American datacentre, but The Body Shop also wanted to roll it out
to the UK, EMEA and Asia-Pacific regions in 2008.
A desk research project narrowed the supplier shortlist to
three. "Right from the outset, LogLogic bought into our requirements
and understood the key business drivers," said Granville. "They
were in fact the only supplier that would guarantee that they would
deploy the system into our environment by the March deadline. That
was very important to us."
Not only did the system go in quickly, but users were up to
speed quickly too, he said. "We have not lost valuable time with
staff going off for training courses," said Granville. "There has
simply been no need. This has been a key differentiator."
LogLogic has also helped The Body Shop to discover and troubleshoot
other system issues. In one case, some non-credit card information
needed to pass through the highly secured network zone set up for a
system that handled credit cards. The log data helped The Body Shop
identify how to do this.
LogLogic software also helped The Body Shop to identify
point-of-sale (POS) software that was hogging network bandwidth. It
found the application was part of a testing process that did not
need to be on the live production system. A reconfiguration soon
freed more bandwidth.
Now that its American shops comply with PCI, The Body Shop's UK,
EMEA and Asia-Pacific operations are following suit. The company is
now identifying which parts of its IT infrastructure need logging,
and it will then plan how to do it.
"It is partly technical assessment," said Granville. "But it is
also a business process assessment - how do we process credit cards
as a business? We need to map everything and see what is in scope.
Once that has been established, we will begin implementation."