Confidentiality, integrity and availability
With our information security department, we support our customers on a strategic, tactical and operational level. Information security focuses on the protection needs of the IT environment and ensures the confidentiality, integrity and availability of information. We work with the relevant industry standards and implement them according to the individual needs of our clients.
Together we find risk-oriented solutions and optimise the cost-benefit ratio. Our services are tailored to the individual needs of our clients: we provide support as CISO as a service or through topic-specific consulting, conduct maturity analyses and assessments as well as second opinions, or accompany clients during the preparation phase and implementation of certification, assurance and IT audits.
Creation of an Information Security Management System (ISMS) based on ISO/IEC 27001
Establishment of the ISMS in a complex organisation with several units in Switzerland and the EU that differ in size and maturity. With the introduction of the information security guidelines according to ISO/IEC 27001 and CIS, the company can meet the expectations of the legislator and the regulators.
- Analysis of the current state of the existing structures
- Identification of information security gaps
- Creation of information security guidelines in accordance with ISO/IEC 27001 and the CIS Framework
- Introduction of standard procedures for gap analysis, maturity assessment of the different units and the roadmap for gap closure
- Coordination of requirements with Audit, Compliance and Risk Management
- Preparation of internal communication and policy structure for the intranet
- Definition of the BCM strategy according to the company’s risk profile
IT outsourcing support in relevant security aspects
Security support in the transition phase of outsourcing the operation of various core applications to an external international service provider.
- Data security concept analysing topics such as access control, cross-border/secure connections and incident management
- Risk assessment incl. measures for mitigating information-security-relevant risks