Information security at Swiss Post
Our pledge: digital postal secrecy
Rich Content Section
The same principle that has long since applied to physical postal items also plays a key role in digital data processing at Swiss Post, namely ensuring the highest possible level of security and discretion when handling customer data.
Both technological developments and cyber threats are analyzed on an ongoing basis. The detection of vulnerabilities at an early stage allows a response to be made quickly, before a risk to the stored data arises.
Swiss Post operates its own two data centers in Switzerland, which provide a first-class hosting environment for data and which are protected by several layers of security.
The sophisticated IT systems, along with technical, construction and organizational measures and a responsible approach to handling data allow Swiss Post to keep its performance pledge and provide the best possible protection for the data entrusted to it.
Here’s how customers can play their part in security
What Swiss Post contributes to information security
The brochure “Information security at Swiss Post” contains various factsheets about the information security of our main products and services. It is regularly updated and supplemented.
Current phishing wave
Detecting vulnerabilities with Swiss Post’s bug bounty programme
Swiss Post Informatics and certain digital products are certified in accordance with this international standard. It specifies the requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS).
Swiss Post Informatics meets the requirements for creating and operating an effective Business Continuity Management System (BCMS).
TÜV Trusted Site Infrastructure TSI V3.2 Dual Site Level 3
Both of Swiss Post’s data centers are located in Switzerland, in different geographical locations. They provide a first-class hosting environment with several security layers. The certification specifies requirements for the physical infrastructure of a data center (location, building construction, security technology, energy supply and air conditioning technology) and the operator’s organizational processes. It also documents the suitability for secure areas for which a high level of availability is required.
PostFinance (as a financial institution) and Swiss Post Solutions Ltd (as a service provider for financial institutions), along with Swiss Post Informatics, are assessed and certified in accordance with the International Standard on Assurance Engagements (ISAE) 3402 for control effectiveness of the internal control system.
The Payment Card Industry Data Security Standard (PCI DSS) was developed by the PCI Security Standards Council to limit incidents of fraud in relation to credit card payments on the Internet.