We take an active part in all projects to ensure that our security standards are followed and that risks are properly identified and mitigated as early as possible. We engage in all secure data processing requirements as mandated by the Protection Requirement Analysis, a directive issued by the Federal Delegate for Cybersecurity in Switzerland. We ensure consistent local implementation within all SPS entities.

When we speak about personal identifiable information (PII), we make sure that all our activities in relation with data processing are compliant with the data protection requirements applicable; for example, in EU countries the General Data Protection Regulation (GDPR) is valid and it establishes a set of mandatory controls for how we treat and protect information related to individuals.

Our colleagues are provided with training and campaigns to bring cybersecurity and the risks associated with handling information in our daily work into the awareness of all colleagues. This has shown a very positive impact and we have been able to stop multiple attempts to compromise our company’s information thanks to our colleague’s alertness.

Our employees training includes:

• Compliance and data protection (i.e., GDPR): Face-to-face training for new joiners.
• Annual cybersecurity mandatory training.
• Variety of cybersecurity optional trainings.
• Phishing simulations, including personal measures if these were not recognized.
• Regular communication on interesting cybersecurity topics is sent out monthly/weekly, such as Beekeeper posts, IT newsletter, and regular updates on the Cybersecurity Hub