Swiss Post Solutions UK PCI DSS Case Study

3rd Jan, 2019

Gemserv work with businesses across the country to unleash their potential and to help them grow, build resilience and maintain compliance. Swiss Post Solutions (SPS) is a global business operating in 15 countries, with 7,000 employees, and provides a number of business solutions for its UK and international client base.

The Challenge

The breadth of services within SPS has a significant reach as they serve their customers in multiple countries from the private and public sectors. Swiss Post Group turnover for 2017 was 7,987 million Swiss Francs.

The size of their operational capabilities means that SPS has a range of different locations, systems, services and data procedures. Because SPS UK is a service provider to their clients and could be processing card data on behalf of some clients, they need to be aligned with the Payment Card Industry Data Security Standard (PCI DSS).

Our Approach

SPS UK were introduced to Gemserv and have been using Gemserv QSA consultants to provide PCI DSS consultancy and assessment activities during this time.

The last two PCI compliance assessments have been led by Mark Railton, Gemserv Principal QSA, who has worked with the SPS Compliance Manager, Compliance Team members and all the key project stakeholders. These stakeholders were engaged early in the 2018 scoping exercise in preparation for the 2018 onsite assessment.

As PCI awareness is a key success factor in any PCI assessment, the advice, guidance and practical implementation support that Gemserv QSAs have provided, and continue to provide, to SPS UK has proved invaluable. Our consultants’ ability to communicate at all levels in this way has helped SPS UK to maintain compliance with PCI DSS as well as bringing new members of the SPS team up to speed with the PCI standard.

Because of our approach, the project quickly moved from the identification of gaps in stakeholders’ knowledge to a position where the SPS UK team felt that they as a business “owned” PCI compliance, rather than feeling that it was simply another tick-box exercise.

The Outcome

Gemserv’s passion for the subject matter has enabled the SPS UK team to own and share issues with key internal stakeholders, and to learn and implement improved business-as-usual (BAU) activity. They feel that their PCI DSS programme is progressing and becoming established, and the SPS team are more comfortable dealing with the standard and the challenges that it can bring across the organisation.

Mark has enabled the SPS UK team to meet their compliance deadlines by guiding them through the deliverables, obtaining supporting evidence, answering all their questions and simplifying things for the SPS team.