Smithfield’s Chicken ‘N Bar-B-Q® Standardizes Multi-Location Security and Compliance with ControlScan

Reduced risk, decreased stress and curtailed costs.

A single-source solution for data security and PCI compliance.

ControlScan PCI 1-2-3 and managed firewall services combine to simplify and standardize.

ControlScan offers multi-location security for restaurant chainsA “North Carolina original” of more than 30 years, Smithfield's Chicken 'N Bar-B-Q® (SCNB) offers its customers an enjoyable dining experience that includes hot, fresh food and tableside service. This guest-minded focus has fostered strong customer loyalty, enabling the company to build and expand its fast-casual restaurant brand to 36 locations across the state.

Cary Keisler, Inc. oversees 22 of SCNB’s 36 locations, providing administrative and technical support that helps these franchise owners focus on their stores’ daily operations and customer service goals. The name Russ Boisvert is well known by these 22 franchisees, because he is the SCNB contact they rely upon for HR, accounting and vendor management (including IT) assistance.

With various POS systems and technologies in use among the 22 Cary Keisler-managed locations, Boisvert found it extremely difficult to achieve, validate and maintain PCI compliance. What’s more, the myriad of independently-operating firewall technologies equated to thousands of dollars in unnecessary monthly expenditures.

Standardizing with ControlScan managed firewall services eliminated those costs and introduced a simplified, single-source solution for ensuring multi-location security and compliance. In addition, implementing the ControlScan PCI 1-2-3™ program simplified and standardized the PCI compliance process for each of the 22 SCNB locations.

The Challenge: Multiple Locations, No Technology Standard

Smithfield's Chicken 'N Bar-B-Q®  is like many regional restaurant franchises; its footprint is expanding and at the same time, there are growing pains when it comes to holistically managing security and compliance. These issues often result from the franchise management firm's desire to encourage operational autonomy among its franchisees.

The ability to choose one's own vendor can help the franchisee control costs but can expose the franchise management firm—and the franchise as a whole—to significant risk. A data breach at just one location causes brand damage that ripples through the entire chain. In addition, any other location using the same insecure technologies or processes can be within the attackers' reach, causing the breach's impact to spread.

“While it's not always apparent to the franchisee, having some IT oversight at the franchisor level is in their best interests,” said Russ Boisvert, HR and IT Director for Cary Keisler, Inc. “Lack of oversight on our part leaves each franchisee to sort out their own technologies and associated protections, oftentimes without the IT or security support they truly need. Furthermore, it doesn't give them the peace of mind that their valued customers are fully protected.”

Historically, each SCNB franchisee was responsible for selecting and implementing their own firewall, anti-virus and anti-malware technologies. Boisvert dedicated a portion of his time to assisting with these implementations, but the resulting patchwork of solutions couldn't ensure that the organizational network was fully secured.

Compliance with the Payment Card Industry Data Security Standard (PCI DSS) created an additional layer of operational complexity. Boisvert found that achieving, validating and maintaining PCI compliance among 22 locations was virtually impossible, given the number of vendors and technologies involved.

“Demonstrating PCI compliance is a big deal because just about everything you can think of is in scope,” said Boisvert. “Each location's internal and external networks must be effectively and continuously secured.”

The Solution: A Single Source for Unified Security and Compliance

Overwhelmed by the organization's overly-complicated IT landscape, Boisvert decided to establish a partnership that would create a simplified, cost-effective IT security and compliance standard across the SCNB chain.

“One of our POS providers, Lucas Systems, recommended I contact ControlScan,” said Boisvert. “ControlScan had a convenient solution that addressed every challenge I presented, and they were willing to work with existing SCNB service providers to eliminate burden. For example, their ability to contract directly with Verizon for network connection fail over greatly simplified that process, saving us money and ensuring that even if our network goes down, we can still process card transactions through cellular internet connection.”

Boisvert selected the ControlScan PCI 1-2-3™ program to simplify and standardize the PCI compliance process among the 22 SCNB locations. The program, which includes the SmartSAQ self assessment questionnaire, network vulnerability scans, custom security policies and personalized, expert guidance every step of the way, is ideal for bringing compliance and convenience to multi-location businesses.

"The move to a single, reliable source for our security and compliance needs promised to make my life so much simpler."

ControlScan is also a Managed Security Service Provider (MSSP); therefore, Boisvert chose to utilize the company's managed Unified Threat Management (UTM) service. The service delivers layered security that combines ControlScan's deep expertise and high-touch support with the exceptional protection of a UTM security appliance, which includes firewall; advanced intrusion detection and prevention; anti-virus, anti-spam and anti-malware; content filtering and VPN capabilities. In addition, fully integrated Wi-Fi access points save money and create an additional security barrier.

“The move to a single, reliable source for our security and compliance needs promised to make my life so much simpler," said Boisvert. “Not only that, but it would ensure uniform protection for our franchisees and their customers.”

Implementation: Due Diligence Followed by a Hassle-Free Install

Prior to formal implementation, Boisvert and the ControlScan team conducted a detailed review of each store‟s processes. This included POS data flows, IT network setups, processing methods for credit cards, and the websites that location managers would need to access. Controlscan also double-checked the accuracy of all POS-related information with the individual vendors; doing so would simplify the organization's PCI process and avoid surprise compatibility issues.

All network firewalls were quickly received and ControlScan supported Boisvert through the physical install. “The whole process was basically seamless and problem resolution was quick and painless,” said Boisvert. “You're dealing with a restaurant's network, and overall communications system, so it‟s essential to implement quickly and then get them back up and running immediately.”

Results are what matters, and Smithfield’s Chicken ‘N Bar-B-Q® saw quick results from its ControlScan partnership. Best-of-breed technologies, high-touch support and standardized processes dramatically reduced organizational risk and streamlined PCI compliance.

“The ControlScan team has my back, and that means a lot,” said Boisvert. “They're out there providing continuous security and compliance support to our 22 stores so that we can focus on building and expanding our business.

“The value ControlScan brings to the table has been evident from the start,” Boisvert continued. “I'd like to see the other 14 SCNB locations follow our lead to further standardize and protect the Smithfield's Chicken 'N Bar-B-Q brand.”