Securing business data

The Bunker - Managed Security

Case Study: The Bunker

The Bunker achieves PCI DSS Service provider accreditation and IL3 Status using CNS Services.

Client Overview

The Bunker delivers Ultra Secure Managed Hosting, Cloud Computing, Colocation, and Outsourced IT services from within Europe’s most secure data centres. The Bunker’s facilities are the most secure in the UK. Their data centres are housed within purpose built nuclear bomb-proof military specified fortresses. This unequalled level of security and redundancy is coupled with the ability to support high levels of power and cooling and stringent access control procedures. Security is the essence of who The Bunker are and has evolved from the way the organisation and the individuals within it behave and think about security; it’s the DNA of the organisation – the company culture.

The Bunker

The Challenge

The Payment Card Industry Data Security Standard* (PCI DSS) was set up by major payment-card brands in 2006 to keep credit-card data safe. If you process, store, or transmit credit-card data then you have to comply with the standard. The standard has 12 requirements, and over 200 sub-requirements.
Fail to comply with PCI DSS and you could face hefty fines and higher transaction costs during the time that it takes – usually two years – to regain compliant status. Worse still data breaches make headline news and can crush consumers’ confidence.

To be validated as PCI DSS compliant, most companies will have to pass an audit by a Qualified Security Assessor (QSA) who will check every sub-requirement.
Once you’re compliant you have to pass an annual QSA audit, and quarterly security scans. You have to put in place processes for everything from how to change a firewall setting, to who has access to a server. And set up processes to log system changes, and process documents to create auditable records.

The Solution

CNS worked with The Bunker in designing an infrastructure that allows The Bunker to gain accreditation across areas of compliance such as PCI DSS. Each solution is designed to the specific needs of the client and is supported under a Managed Service delivered by CNS Mosaic.
CNS Mosaic portfolio of Managed Services is based on its propriety award winning COMPLIANCEngine platform and is designed to deliver Managed Information Security and IT Compliance. The TOTAL SECURE services deliver the Vulnerability Management, Configuration & Build Validation, Patch Management and Logging, Alerting and Responses needed by regulations such as PCI DSS, Code of Connection (PSN, HMG, IG-SOC), ISO27001, CoBIT and many others including bespoke internal best practices.   

CNS Mosaic TOTAL SECURE is able to offer business continuity and cost savings beyond that of traditional stand-alone auditing tools and other complex SIEM appliances, plus deliver intelligence for on-going compliance and protection against threats.

TOTAL SECURE Managed Services are fully supported by CNS Group’s highly accredited understanding of regulatory mandate and security best practice acts.  Our clients will receive a much extended level of benefit along with the extra level of IT assurance offered by qualified consultants. 

“The Bunker needed independent and certified personnel to assist us with delivering PCI DSS and PSN CoCo (IL3) certified solutions. We were particularly impressed with CNS’s COMPLIANCEngine, a comprehensive suite of software and services, which has already significantly reduced the time to certification for several of our clients. 
The company’s levels of innovation and in-depth understanding of security standards, as well as its approach to delivering certified solutions, has been exceptional”

Simon Neal, Director of Data Centre Services at The Bunker

Key Business Benefits

  • Compliance against baseline 
  • Infinitely customizable 
  • Centralised management portal 
  • Reduce Cost of Compliance 
  • No upfront capital expense 
  • Improve Business Continuity 
  • Lifecycle compliance monitoring 
  • Managed certification process 
  • Automated Toolset


While the payment-card brands hold companies responsible for compliance, companies can hand-off requirements to external providers. For example, over 30 UK data centres meet two of the 12 requirements (‘hosting providers’ on the Visa Europe list). But if you hand-off two requirements – usually requirements 9 and 12 – to a ‘hosting provider’ you still have to comply with the other ten PCI DSS requirements. A ‘hosting provider’ can help organisations get to compliance, but it could be a slow and tiring road if you don’t have the necessary resources. The Bunker now has ready-made compliance components in place and solid PCI DSS know-how to get their clients to compliance quickly.
The Bunker has been certified as meeting all 12 of the PCI DSS requirements –one of only a handful of UK data centres that are. Through automated scanning and data collection platforms The Bunker are able to outsource all the crucial but laborious tasks required to maintain IT Security compliance to a chosen standard for their clients.

Get in touch

Talk to our experts today
call us

Get in touch

Talk to our experts today +44 (0) 20 7592 8800

Send us a message

We'll get back to you Send us a message

Connect with us

See what we're saying elsewhere