BODEN PCI DSS Case Study

The Challenge

Gemserv works with businesses globally to unleash their potential, help them grow, build resilience and maintain compliance with various standards and regulations. BODEN is a leading UK retail company supplying customers across three key markets (UK, North America and Europe), with approximately 1,200 employees across UK and US locations and a turnover of £380m for 2018.

The size of their operational capabilities means that BODEN have a complex, multi-payment-channel environment covering a range of different locations, systems, services and a few key service providers, some of which needed to be aligned with the Payment Card Industry Data Security Standard (PCI DSS).

BODEN are a tier two merchant, processing approximately 3.5 million card transactions per annum on behalf of their customers. So, in addition to conducting BODEN's formal Self-Assessment Questionnaire (SAQ) assessment, Gemserv's Qualified Security Assessors (QSAs) were also required to confirm the scope, conduct the formal assessment and remediation activity reviews, and provide QSA sign-off against the SAQ and Attestation of Compliance (AOC).

Our Approach

BODEN were introduced to Gemserv in mid-2016 and have been using Gemserv QSA consultants to provide PCI DSS consultancy and onsite assessment activities from then up to the present day. The initial PCI compliance assessment for BODEN was completed, and the AOC signed off, in May 2019 by Paul O'Leary, COO; the engagement has been led by Mark Railton, Gemserv Principal QSA.

As PCI awareness is a key success factor in any PCI assessment, the advice, guidance, practical implementation support and assessment approach that the Gemserv QSAs have provided, and continue to provide, to BODEN has proved invaluable to the BODEN compliance programme. Gemserv's consultants' ability to communicate in this way at all levels, along with their pragmatic approach to assessing the BODEN environment, has helped BODEN to maintain compliance with the PCI DSS.

The Outcome

Gemserv's passion for the subject matter, assessment support and pragmatic approach has enabled the BODEN team to share issues with key internal stakeholders, major third-party service providers and senior managers in order to improve the security posture, and has enabled them to learn and implement improved business-as-usual (BAU) activity. BODEN now feel that their PCI DSS programme is continually improving, progressing and becoming more established as BAU, and the wider BODEN team are more comfortable dealing with the PCI standard, the assessment process, and the challenges and benefits it can bring across the organisation.

Gemserv has enabled the BODEN team to continually meet their PCI DSS compliance deadlines by guiding them through the standard deliverables, helping them obtain the supporting evidence required by the QSA, answering all their questions and simplifying things for the BODEN team.

BODEN Testimonial

Gemserv have been great! They have helped us achieve PCI compliance over the last 3 years and throughout this time their approach has been professional and consistent.

Mark Railton, Gemserv's Principal QSA, has managed our progress and it is fair to say he has kept us on our toes throughout. He has been professional and always made it a priority to ensure we have implemented high security standards and taken the correct steps to communicate this internally. He is a pleasure to work with and as a result we will continue to work with Gemserv and Mark for a further 3 years.
