Privacy and Data Security

We ensure that we are compliant with all relevant regulations and that we are constantly and verifiably improving.

CYBER SECURITY AND DATA PROTECTION

We take an active part in all projects to ensure that our security standards are followed and that risks are properly identified and mitigated as early as possible. We engage in all secure data processing requirements as mandated by the Protection Requirement Analysis, a directive issued by the Federal Delegate for Cybersecurity in Switzerland. We ensure consistent local implementation within all SPS entities.

When we speak about personally identifiable information (PII), we make sure that all our data processing activities are compliant with the applicable data protection requirements; for example, in EU countries the General Data Protection Regulation (GDPR) applies and establishes a set of mandatory controls for how we treat and protect information related to individuals.


TRAINING

Our colleagues are provided with training and campaigns that raise awareness of cybersecurity and of the risks associated with handling information in our daily work. This has shown a very positive impact, and we have been able to stop multiple attempts to compromise our company’s information thanks to our colleagues’ alertness.

Our employee training includes:

  • Compliance and data protection (e.g., GDPR): face-to-face training for new joiners.
  • Annual mandatory cybersecurity training.
  • A variety of optional cybersecurity trainings.
  • Phishing simulations, with follow-up measures for individuals who did not recognize them.
  • Regular communication on current cybersecurity topics, sent out weekly or monthly, such as Beekeeper posts, the IT newsletter, and regular updates on the Cybersecurity Hub.

CERTIFICATIONS

Through the work of our Compliance department and data protection officers we have industry-recognized certifications including:

  • ISO 27001: Information security management
  • PCI DSS: The Payment Card Industry Data Security Standard
  • Cyber Essentials: UK government-backed and industry-supported certification to ensure best practice for cybersecurity
  • ISO 22301: Business continuity plans, systems, and processes
  • ISO 15489-1: Records management

We conduct SOC 1/SOC 2 audits to evaluate and assess non-financial reporting controls as they relate to the Trust Services Criteria – the security, availability, processing integrity, confidentiality, and privacy of a system. A SOC 2 audit report helps to prove that the non-financial reporting controls of a service organization are fit for purpose and appropriately protect sensitive client data.

v1.0.275 | 2024/02/14 09:10:27