St John Ambulance is now Payment Card Industry Data Security Standard (PCI DSS) compliant following intervention from LogRhythm.
With income generated by first aid training programmes and supplies, service delivery programmes that provide first aid at public events and through charitable donations, St John Ambulance is classed as a Level 3 PCI DSS merchant.
Karl Heydenrych, IT director at St John Ambulance, said that it has implemented a security information event management (SIEM) solution from LogRhythm in order to simplify how the organisation manages its network and meets its compliance responsibilities.
He said: “We believe that this ensures a better fit for our business and brings us a faster return on investment, which is important for us as a charity, so we can equip more people with first aid skills.
“Additionally, LogRhythm was the only solution we found which offered integrated file integrity monitoring. Not only would this negate the need for us to purchase an additional solution to meet the specific file integrity monitoring requirements of PCI DSS, but it would simplify and strengthen our security, audit and compliance processes.”
Before the LogRhythm implementation, St John Ambulance's IT team collected log data manually which made any analysis or forensic investigations time consuming and more reactive than proactive. Beyond the PCI DSS compliance implementation, St John Ambulance anticipates developing LogRhythm's use to provide better visibility over changing activity across the entire IT estate by capturing and reporting on anomalies as and when they occur.
Ross Brewer, vice president and managing director APAC and EMEA at LogRhythm, said: “Charitable organisations such as St John Ambulance are no more immune to internal or external threats than any large blue chip company. However they do often have a greater challenge when it comes to keeping operational costs minimal.
“Having file integrity monitoring fully included within the SIEM solution ensures a straightforward approach to identifying that any unauthorised modifications to systems or files without the added expenditure and time required to install and operate a separate system.”