Privacy and Data Security

We ensure we are compliant with all relevant regulations and that we are constantly and verifiably improving


We take an active part in all projects to ensure that our security standards are followed and that risks are properly identified and mitigated as early as possible. We engage in all secure data processing requirements as mandated by the Protection Requirement Analysis, a directive issued by the Federal Delegate for Cybersecurity in Switzerland. We ensure consistent local implementation within all SPS entities.

When we speak about personal identifiable information (PII), we make sure that all our activities in relation with data processing are compliant with the data protection requirements applicable; for example, in EU countries the General Data Protection Regulation (GDPR) is valid and it establishes a set of mandatory controls for how we treat and protect information related to individuals.

man working on his laptop smiling


Our colleagues are provided with training and campaigns to bring cybersecurity and the risks associated with handling information in our daily work into the awareness of all colleagues. This has shown a very positive impact and we have been able to stop multiple attempts to compromise our company’s information thanks to our colleague’s alertness.

Our employees training includes:

  • Compliance and data protection (i.e., GDPR): Face-to-face training for new joiners.
  • Annual cybersecurity mandatory training.
  • Variety of cybersecurity optional trainings.
  • Phishing simulations, including personal measures if these were not recognized.
  • Regular communication on interesting cybersecurity topics is sent out monthly/weekly, such as Beekeeper posts, IT newsletter, and regular updates on the Cybersecurity Hub
icon of a padlock


Through the work of our Compliance department and data protection officers we have industry-recognized certifications including:

  • ISO 27001. Information security management
  • PCI-DSS. The Payment Card Industry Data Security Standard
  • Cyber Essentials. UK government-backed and industry supported certification to ensure bestpractice for cybersecurity
  • ISO 22301. Business continuity plans, systems, and processes
  • ISO15489-1. Records management

We conduct SOC I/II audits to evaluate and assess non-financial reporting controls as they relate to the Trust Services Criteria – the security, availability, processing integrity, confidentiality, and privacy of a system. A SOC 2 audit report helps to prove that the nonfinancial reporting controls of a service organization are fit for purpose, and appropriately protecting sensitive client data.


Placeholder image

Our employees

Fostering an atmosphere where each employee feels respected, appreciated, included, and has the chance to grow and develop

Placeholder image

Diversity & Inclusion

Diversity, equity, and inclusion are inherent to SPS’ culture and success

Placeholder image

Business Ethics

We are commited to compliance and adherence to regulatory standards, promoting a transparent and responsible business environment

Placeholder image

Sustainability & Environment

We are committed to reducing our own emissions and helping clients do the same