Swiss Post Solutions UK 2018 PCI DSS Case Study

3rd Jan, 2019

Gemserv work with businesses across the country to unleash their potential, helping them grow, build resilience and maintain compliance. Swiss Post Solutions (SPS) is a global business operating in 15 countries, with 7,000 employees, and provides a number of business solutions for their UK and international client base.

The Challenge

The breadth of services within SPS has a significant reach, as they serve private and public sector customers in multiple countries. Swiss Post Group turnover for 2017 was 7,987 million Swiss Francs.

The size of their operational capabilities means that SPS has a range of different locations, systems, services and data procedures. Because SPS UK is a service provider to their clients and could be processing card data on behalf of some clients, they need to be aligned with the Payment Card Industry Data Security Standard (PCI DSS).

Our Approach

SPS UK were introduced to Gemserv over three years ago and have been using Gemserv QSA consultants to provide PCI DSS consultancy and assessment activities during this time.

The last two PCI compliance assessments have been led by Mark Railton, Gemserv Principal QSA, who worked with the SPS Compliance Manager, Compliance Team members, and all the key project stakeholders, who were engaged early in the 2018 scoping exercise in preparation for the 2018 onsite assessment.

As PCI awareness is a key success factor in any PCI assessment, the advice, guidance and practical implementation support that Gemserv QSAs provided, and continue to provide, to SPS UK has proved invaluable. Our consultants’ ability to communicate at all levels in this way has helped SPS UK to maintain compliance with PCI DSS as well as bringing new members of the SPS team up to speed with the PCI standard.

Because of our approach, the project quickly moved from the identification of gaps in stakeholders’ knowledge to a position where the SPS UK team felt that they as a business “owned” PCI compliance, rather than feeling that it was simply another tick-box exercise.

The Outcome

Gemserv’s passion for the subject matter has enabled the SPS UK team to own and share issues with key internal stakeholders, and to learn and implement improved business-as-usual (BAU) activity. They feel that their PCI DSS programme is progressing and becoming established, and the SPS team are more comfortable dealing with the standard and the challenges that it can bring across the organisation.

Mark has enabled the SPS UK team to meet their compliance deadlines by guiding them through the deliverables, obtaining supporting evidence, answering all their questions and simplifying things for the SPS team.


“Finding a good quality supplier with a proven track record to work with Swiss Post Solutions (SPS) was vitally important. This strategic and high-risk level project required immediate action and came with a challenging completion timeline. Implementing PCI DSS with proactive support from Gemserv was made easy due to their insistence on understanding our business thoroughly. We were able to focus on the priorities which in turn ensured the objectives of the project were not only met but exceeded. I would not hesitate to use Gemserv again for other high-risk projects and would recommend Gemserv to anyone specifically looking to introduce PCI DSS into their business.”

Lucia Howe – Head of Compliance, Swiss Post Solutions UK