assure, secure, advise

PDSA


About
The People’s Dispensary for Sick Animals (PDSA) is the UK’s leading veterinary charity and the largest private employer of fully qualified veterinary surgeons and veterinary nurses in Europe. Established in 1917 to care for the sick and injured animals of people in need, PDSA provides free of charge veterinary services through its network of 47 animal hospitals and branches, with further treatment being provided through 345 private local veterinary practices. The charity is funded by legacies, regular donations from over 85,000 donors, income from its 182 retail shops and the sale of its own branded items.

Challenge
With an extensive and growing database containing personal information on several million supporters such as names, addresses, bank and credit card details, ensuring the security of this information is essential.

The charity required a security partner that could help it to develop an information management strategy which would provide a solid foundation going forward.

Solution
Following a review of the marketplace, PDSA engaged independent IT security specialist NCC Group.

NCC Group's team of consultants worked with PDSA to establish how information was used at present and how this was likely to change in the future, along with a comprehensive review of the security of existing networks and systems.

PDSA also engaged ongoing regular penetration testing – also known as ‘ethical hacking’ – of its networks and systems. This involved NCC Group’s team of experienced testing consultants using the methods and tools of genuine hackers to identify areas of vulnerability which could allow unauthorised access from both internal and external sources.

Based on the outcome of the tests, NCC Group explained the findings so that there was a clear understanding of what the vulnerabilities meant and how they could be addressed and mitigated in a practical and pragmatic way.

Results
The completed review resulted in the endorsement and immediate execution of PDSA’s existing plans for a series of technical improvements, including the introduction of more sophisticated firewalls and anti-virus software and a new management system formalising the monitoring for and scheduling of patches and upgrades. A practical plan was then developed to improve the internal and external security of the charity’s networks, databases, applications and links to third parties which would evolve in line with the organisation’s future activities and use of technology.

Supporting policies and procedures were also developed and implemented to promote an organisation-wide understanding of the importance of maintaining robust information security practices. These outlined the responsibilities of all staff and buy-in was sought and achieved at the most senior level to ensure the ‘top-down’ approach which is essential in establishing a successful information security culture.

Graham Parker, Head of IT at PDSA commented: “Ensuring the security of our information, particularly the personal details of our supporters and our staff, is vital. We have therefore used NCC Group for expert advice in this area for a number of years due to their extensive industry experience and their independence from suppliers. We feel they understand our organisation’s culture and objectives and that their advice offers genuine insight rather than simply reflecting current industry trends.”

NCC Group provides regular penetration testing services to PDSA and continues to act as a ‘trusted advisor’ on IT and information security issues.

=========================================================
NCC Group is a leading global provider of independent IT assurance, security and consultancy services. As a trusted advisor, we help over 15,000 public, private and not for profit sector organisations, including 92 of the FTSE 100, to make the most efficient use of information and technology and to manage the associated risks.

Pull-out quote


“Ensuring the security of our information, particularly the personal details of our supporters and our staff, is vital. We have therefore used NCC Group for expert advice in this area for a number of years due to their extensive industry experience and their independence from suppliers. We feel they understand our organisation’s culture and objectives and that their advice offers genuine insight rather than simply reflecting current industry trends.”

Graham Parker, Head of IT, PDSA

Challenge


With an extensive and growing database containing personal information on several million supporters such as names, addresses, bank and credit card details, ensuring the security of PDSA's information is essential

Solution


The charity engaged independent IT security specialist NCC Group to develop an information management strategy which would provide a solid foundation going forward

Results


The completed review resulted in the endorsement and immediate execution of PDSA’s existing plans for a series of technical improvements

Supporting policies and procedures were also developed and implemented to promote an organisation-wide understanding of the importance of maintaining robust information security practices

top of page

Website © Copyright 2006-2008 NCC Services Ltd - all rights reserved

NCC Group - Software Escrow Services, Verification Testing, Assurance Testing, Penetration Testing, & Consultancy