Case Study: Swiss Post achieves ISO 27001 certification with URM

Swiss Post - Customer Case Study

Swiss Post Solutions Limited, an independent subsidiary of Swiss Post, wanted to strengthen corporate governance and demonstrate a strong commitment to information security as it expanded across Europe, the USA, the Middle East and Asia. To avoid a box-ticking exercise, the company aimed to embed an ISO 27001 information security management system across the whole organisation, with broad internal involvement and a challenging target to achieve certification by Q4 2009. URM was appointed as an external ISO 27001 specialist consultancy, and its Abriska risk assessment software was used to support the project.

URM led a two-day implementation workshop, helped define the full-organisational scope, and supported a thorough risk assessment that informed remediation, policy centralisation and local implementation through site-based information security controllers. The approach produced an ISO 27001-compliant statement of applicability and risk report, and Swiss Post Solutions was recommended for ISO 27001 certification on 30 September 2009. The company reported stronger communication, local accountability, a more structured business continuity approach, and a consistent security benchmark for future acquisitions, with URM’s guidance and Abriska contributing to an objective, sustainable security strategy.

Swiss Post

Jonathan King

Chief Executive Officer