As Seen On Screen (ASOS) is a fast rising UK online fashion retailer, selling clothes fashioned after celebrity apparel.

In October 2004 it was the second most visited UK clothing website after Next, boasting 1.1 million visitors.

Last December it had to suspend share trading following the Hemel Hempstead refinery fire, which severely affected its operations – its logistics and customer care departments on a nearby industrial estate were destroyed. It proved a huge blow in the run up to Christmas. MIS UK spoke before these dramatic events had unfolded with its head of IT, Andy Pattinson.

Safety measured

For Pattinson, protecting customer data is something of a passion. “We believe customer data is the key thing that has to be absolutely secure,” he told MIS UK.

“We cannot afford to lose any of that data. If you get a reputation for badly managing your customer data, your sales go over a cliff.

“Good management is the key thing for us and we take all the measures we can to secure the boundaries of our network. We make sure it is as impregnable as possible and that the customer data is kept away from any boundaries around our network and our organisation; that it is behind a firewall. We ensure everything’s secure where it should be secured; that only the core people have access to parts of the information.

“No one in our organisation has access to credit card numbers. They are all secure and encrypted,” he assures.

Cure prevention

Pattinson adds: “Similarly with passwords. We have to manage it like that as we manage roughly three quarters of a million customer records. We need to find out the most efficient ways of doing that,” he says. “We obviously have methodologies in place at the moment, but are they the most efficient? Are they best practice or are other people doing things that are newer, better, quicker, more efficient and more cost effective?”

With all these measures in place it is ironic perhaps that an e-tailer can be so hampered by damage to its physical plant while its customer data is unaffected.

That the company is not based on a single site and a proven and effective back up strategy made sure it survived the fire.

The other site − out in the sticks − handles its secure data as well as back-ups and tapes. “Separately we obviously have data back-ups in the office for our file servers based in our two sites. Although that is not customer specific data, there is obviously business critical data in there that we need to manage as well.”

That is not to say that Pattinson and his team are complacent. Customer data and privacy are not systems and technology issues but personal and psychological issues too, he believes.

“I’m in the process of building new systems and seeing how they interact with the customer. You have to see things through the customers’ eyes a bit more rather than the security infrastructure and the way that we implement things, making sure things are secure and important for the business. Taking that viewpoint more often I think will open up some things we would not have come across before.”