Case Studies: South Pacific Petroleum Corporation
Featuring Nicole Murphy, IT Manager, South Pacific Petroleum Corporation (SPPC)
(SPPC) realizes the importance of applying PCI DSS standards to all aspects of their business that dealt with customer data
South Pacific Petroleum Corporation Background:
South Pacific Petroleum Corporation (SPPC) is an energy solutions company, located in Tamuning, Guam. When ConocoPhillips mandated that all company franchises needed to become PCI compliant, SPPC initially undertook the responsibility of upgrading their POS to a PCI compliant system.
SPPC needed to make their operation PCI compliant so that it could meet the expectations of ConocoPhillips and protect all customer transactions.
With an IT staff of one, it was crucial that SPPC chose a solution that would make becoming compliant easy and less time-consuming so that the task was not overwhelming.
“My plate was already full, even before PCI compliance. I knew I needed help, so it was really a matter of finding the right source of help,” Nicole Murphy, SPPC’s Systems Administrator, said.
SPPC also needed the help of a compliance solutions company that would share valuable knowledge about PCI compliance standards.
After researching seven different vendors, SPPC chose OmegaSecureTM, the hosted PCI compliance solution from Omega ATC. This solution is ideal for companies that have minimal IT staff, like South Pacific Petroleum. The client was persuaded by what they considered the “glaring” difference between Omega and its competitors: OmegaSecure provides helpful tools, all in one place, that other companies did not.
“The other vendors offered an online SAQ format, which is pretty standard, plus personalized assistance from a representative. I was really looking for actual tools to help perform and automate the twelve PCI requirements. The other vendors offered to help me find different tools, but only Omega ATC presented the complete package including specifically designed tools to accomplish PCI-DSS compliance.”
Assets like reporting, secure access tools, monitoring, and logging, and secure remote control—a tool that allows the customer to manage any machine with the click of a button–have made compliance more manageable for the company. SPPC also decided to add Wireless Intrusion Detection and Prevention completing all steps toward becoming compliant. OmegaSecure utilizes small footprint software agents and provides automatic software updates to save the client valuable time and resources. Also, the guidance of Omega’s Security Strategists has made South Pacific Petroleum feel confident about its status as a PCI compliant company.
SPPC says that even though their location in Guam is 15 hours ahead of Omega’s, the time difference has had no impact on the function of OmegaSecure or their ability to reach Omega staff whenever an issue or a question arises. Omega staff also reaches out to SPPC personnel via email and phone calls on a regular basis.
“Data security is a full-time job in itself. Omega put the procedures and the automation tools in place for me to address data security for my company. To me, there are so many pieces involved in doing that and the difference between trying to accomplish and having expert assistance is huge. Omega has a plan and a system that works, without me having to reinvent the wheel.”
-Nicole Murphy, South Pacific Petroleum Corporation
- South Pacific Petroleum became PCI compliant–something that the company admits they could not have done on their own–without making any changes to their stores and without requiring a major investment
- OmegaSecure has helped the company maintain network security by monitoring the system 24/7, flagging and alerting potential security threats, and instantly remediating any vulnerabilities without interruptions to daily company functions,
- OmegaSecure demonstrates PCI compliance with auditable event and activity logs, and by performing necessary quarterly scans
- Implementing OmegaSecure relieved the strain of PCI compliance on South Pacific Petroleum’s minimal IT staff
- OmegaSecure’s tools, all within one centralized console, allow the company to examine the overall “health” of their network by showing the status of patches, devices and network applications
- The OmegaSecure console helps keep compliance easy and organized so that Nicole has more time to handle her other job responsibilities
- South Pacific Petroleum is alerted of any security issues by OmegaSecure by email and by phone
- A Security Strategist specifically assigned to South Pacific Petroleum has been able to guide the company through every stage of gaining and maintaining PCI compliance, and is available to provide assistance in policies and to answer questions whenever they arise
- By implementing OmegaSecure and reducing the risk of a breach, South Pacific Petroleum will see a return on investment by a reduction in business overhead, maintenance and insurance costs, as well as improvement to brand recognition and customer confidence
17263 Wild Horse Creek Road
Chesterfield, MO 63005