Information security at Swiss Post
Simply a good feeling
Rich Content Section
At Swiss Post, you and your data are in good hands. We show you how we protect our own data and that of our customers.
The security of your data is of central importance to us. This begins right from the time we develop a solution, long before you can use our products and services as a customer. And we of course ensure that your data is and remains secure during ongoing operations. For instance, we subject our products to multi-level testing and monitor operations in our data centers around the clock or to regular independent security audits.
The brochure “Information security at Swiss Post” (PDF, 5.3 MB) explains how secure our main products and services are.
Trustworthy handling of personal information and protecting it from unauthorized access is part of Swiss Post’s DNA. This is why it is essential for us to continuously invest in strong and effective information security.
Marcel Zumbühl, Chief Information Security Officer (CISO), Swiss Post
Rich Content Section
Our own data centers in Switzerland
Swiss Post operates its two own data centers in Switzerland. They provide a top-class data hosting environment and are protected by several levels of security.
The sophisticated IT systems, along with technical, construction and organizational measures and a responsible approach to handling data allow Swiss Post to keep its performance pledge. We give your data the best possible protection.
Own bug bounty programme
In 2019, Swiss Post introduced a “bug bounty programme”. The programme allows ethical hackers from all over the world to test Swiss Post’s online services to the limit. We want to know how secure Swiss Post’s digital services are and how we can further improve our data protection.
Unlike their criminal counterparts, ethical hackers do not break into IT systems with malicious intent, but in order to improve them. They test systems continuously – because IT systems are never finished. Technologies change. This means that safety standards must also be constantly adapted. Ethical hackers are an important factor in this process.
Certified security
For key issues, Swiss Post has for many years sought certification in accordance with internationally recognized standards. By doing so, it adheres to best practices and simplifies compliance processes for customers. The certification process includes the following standards:
- ISO 27001: The international standard for the installation, implementation, maintenance and ongoing improvements for an information security management system (ISMS)
- ISO 22301: The international standard for an effective business continuity management system (BCMS)
- ISO 20000–1: The internationally recognized standard for service management in informatics
- TÜV Trusted Site Infrastructure TSI V3.2 Dual Site Level 3: both Swiss Post data centers are located in Switzerland at geographically independent locations. They provide a first-class hosting environment with several security layers. The certification refers to the physical infrastructure of a data center (location, building construction, security technology, energy supply and air conditioning technology) and the operator’s organizational processes.
- ISAE 3402:PostFinance and the Informatics/Technology unit are assessed and certified in accordance with the International Standard on Assurance Engagements (ISAE) 3402 for control effectiveness of the internal control system.
- PCI DSS: The Payment Card Industry Data Security Standard (PCI DSS) was developed by the PCI Security Standards Council to limit incidents of fraud in relation to credit card payments on the Internet.
The “My consignments” online service has been certified with the “Digital Trust Label” from the Swiss Digital Initiative (SDI) since 2023. The label evaluates digital applications using 35 criteria in four categories, “Security”, “Data protection”, “Reliability” and “Fair interaction”, allowing users to quantify the trustworthiness of digital applications. The Digital Trust Label, which was developed in Switzerland and launched in 2022, is the first of its kind in the world.
Transparent data protection
We treat your personal data with care and in accordance with the provisions of data protection law and postal legislation. In our data privacy statements, we set out transparently which of your data we use and in what form. We explain which data we process whenever you access this website and other digital presences. Find out more at “Data protection and disclaimer”.
Cybersecurity for companies
360 SMEs place their trust in Swiss Post’s cybersecurity solutions. And that figure is rising.
- hacknowledge.ch
In cooperation with Swiss Post, Hacknowledge provides solutions for the efficient security monitoring of IT systems. - terreactive.ch
Together with terreActive, Swiss Post is able to provide companies and authorities with a comprehensive range of cybersecurity solutions, offering optimal protection of information, data and IT infrastructure. - cybernavi.ch
A solution provided by the Information Security Society Switzerland (ISSS). Swiss Post is a gold partner of ISSS.