Smithfield’s Chicken ‘N Bar-B-Q® Standardizes Multi-Location Security and Compliance with ControlScan

The Challenge: Multiple Locations, No Technology Standard

Smithfield's Chicken 'N Bar-B-Q®  is like many regional restaurant franchises; its footprint is expanding and at the same time, there are growing pains when it comes to holistically managing security and compliance. These issues often result from the franchise management firm's desire to encourage operational autonomy among its franchisees.

The ability to choose one's own vendor can help the franchisee control costs but can expose the franchise management firm—and the franchise as a whole—to significant risk. A data breach at just one location causes brand damage that ripples through the entire chain. In addition, any other location using the same insecure technologies or processes can be within the attackers' reach, causing the breach's impact to spread.

“While it's not always apparent to the franchisee, having some IT oversight at the franchisor level is in their best interests,” said Russ Boisvert, HR and IT Director for Cary Keisler, Inc. “Lack of oversight on our part leaves each franchisee to sort out their own technologies and associated protections, oftentimes without the IT or security support they truly need. Furthermore, it doesn't give them the peace of mind that their valued customers are fully protected.”

Historically, each SCNB franchisee was responsible for selecting and implementing their own firewall, anti-virus and anti-malware technologies. Boisvert dedicated a portion of his time to assisting with these implementations, but the resulting patchwork of solutions couldn't ensure that the organizational network was fully secured.

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) created an additional layer of operational complexity. Boisvert found that achieving, validating and maintaining PCI compliance among 22 locations was virtually impossible, given the number of vendors and technologies involved.

“Demonstrating PCI compliance is a big deal because just about everything you can think of is in scope,” said Boisvert. “Each location's internal and external networks must be effectively and continuously secured.”

The Solution: A Single Source for Unified Security and Compliance

Overwhelmed by the organization's overly-complicated IT landscape, Boisvert decided to establish a partnership that would create a simplified, cost-effective IT security and compliance standard across the SCNB chain.

“One of our POS providers, Lucas Systems, recommended I contact ControlScan,” said Boisvert. “ControlScan had a convenient solution that addressed every challenge I presented, and they were willing to work with existing SCNB service providers to eliminate burden. For example, their ability to contract directly with Verizon for network connection fail over greatly simplified that process, saving us money and ensuring that even if our network goes down, we can still process card transactions through cellular internet connection.”

Boisvert selected the ControlScan PCI 1-2-3™ program to simplify and standardize the PCI compliance process among the 22 SCNB locations. The program, which includes the SmartSAQ self assessment questionnaire, network vulnerability scans, custom security policies and personalized, expert guidance every step of the way, is ideal for bringing compliance and convenience to multi-location businesses.

ControlScan is also a Managed Security Service Provider (MSSP); therefore, Boisvert chose to utilize the company's managed Unified Threat Management (UTM) service. The service delivers layered security that combines ControlScan's deep expertise and high-touch support with the exceptional protection of a UTM security appliance, which includes firewall; advanced intrusion detection and prevention; anti-virus, anti-spam and anti-malware; content filtering and VPN capabilities. In addition, fully integrated Wi-Fi access points save money and create an additional security barrier.

“The move to a single, reliable source for our security and compliance needs promised to make my life so much simpler," said Boisvert. “Not only that, but it would ensure uniform protection for our franchisees and their customers.”

Implementation: Due Diligence Followed by a Hassle-Free Install

Prior to formal implementation, Boisvert and the ControlScan team conducted a detailed review of each store‟s processes. This included POS data flows, IT network setups, processing methods for credit cards, and the websites that location managers would need to access. Controlscan also double-checked the accuracy of all POS-related information with the individual vendors; doing so would simplify the organization's PCI process and avoid surprise compatibility issues.

All network firewalls were quickly received and ControlScan supported Boisvert through the physical install. “The whole process was basically seamless and problem resolution was quick and painless,” said Boisvert. “You're dealing with a restaurant's network, and overall communications system, so it‟s essential to implement quickly and then get them back up and running immediately.”

Results are what matters, and Smithfield’s Chicken ‘N Bar-B-Q® saw quick results from its ControlScan partnership. Best-of-breed technologies, high-touch support and standardized processes dramatically reduced organizational risk and streamlined PCI compliance.

“The ControlScan team has my back, and that means a lot,” said Boisvert. “They're out there providing continuous security and compliance support to our 22 stores so that we can focus on building and expanding our business.

“The value ControlScan brings to the table has been evident from the start,” Boisvert continued. “I'd like to see the other 14 SCNB locations follow our lead to further standardize and protect the Smithfield's Chicken 'N Bar-B-Q brand.”