THE CHALLENGE
Gemserv work with businesses globally to unleash their potential, help them grow, build resilience and maintain compliance with various standards and regulation. BODEN is a leading UK retail company supplying customers across three key markets, UK, North America and Europe, with approximately 1,200 employees across UK and US locations, with a turnover of £380m for 2018.
The size of their operational capabilities means that BODEN have a complex and multi payment channel environment covering a range of different locations, systems, services and a few key service providers, some of which needed to be aligned with the Payment Card Industry Data Security Standard (PCI DSS).
BODEN are a tier two merchant processing approximately 3.5 million card transactions per annum on behalf of their customers. So, in addition to Gemserv Qualified Security Assessors (QSA’s) conducting the BODEN formal Self-Assessment Questionnaire (SAQ) assessment, they were also required to confirm the scope, conduct the formal assessment and remediation activity reviews and provide QSA signoff against the SAQ and Attestation of Compliance (AOC).
OUR APPROACH
BODEN were introduced to Gemserv mid-year 2016 and have been using Gemserv QSA consultants to provide PCI DSS consultancy and onsite assessment activities during this period up to the present day. The initial PCI compliance assessments for BODEN was completed and AoC signed off in May 2019 by Paul O’Leary COO, and has been led by Mark Railton Gemserv Principal QSA.
As PCI awareness is a key success factor in any PCI assessment, the advice, guidance and practical implementation support, and the assessment approach taken by the Gemserv QSA’s provided and continue to provide to BODEN has proved invaluable to the BODEN compliance programme. Gemserv’s consultants’ ability to communicate in this way, at all levels, and along with the pragmatic approach to assessing the BODEN environment has helped BODEN to maintain compliance with the PCI DSS.
THE OUTCOME
Gemserv’s passion for the subject matter, assessment support and pragmatic approach has enabled the BODEN team to share issues with key internal stakeholders, and major third-party service providers and Senior Managers to improve the security posture and enabled them to learn and implement improved business as usual (BAU) activity. BODEN now feel that their PCI DSS programme is continually improving, and therefore progressing and becoming more established as BAU, and the wider BODEN team are more comfortable with dealing with the PCI standard, assessment process and the challenges, and benefits that it can bring across the organisation.
Gemserv has enabled the BODEN team to continually meet their PCI DSS compliance deadlines by guiding them through the standard deliverables, obtaining supporting evidence required by the QSA, and answering all their questions and simplifying things for the BODEN team.