Compliance & Risk Management

Secure & Compliant

Increasing legal and regulatory requirements necessitate sweeping security measures and structures that are designed for the ongoing assessment of risks and the implementation of corrective measures where necessary. We advise you on compliance with legal and regulatory requirements, as well as on the establishment of management systems to ensure long-term conformity.

Selected references on the subject

Standards and regulations supported by us

  • ISO/IEC 27001
  • ISO/IEC 27002
  • ISO/IEC 27005
  • ISO 22301
  • ISO/IEC 27701
  • IEC62443
  • BSI basic IT protection
  • NIST Cyber Security Framework
  • NIST Privacy Framework
  • EPD-TOZ
  • GxP Compliance
  • GAMP 5
  • COBIT
  • PCI-DSS
  • ICT Minimum Standard
  • FINMA circular
  • OWASP
  • PTES
  • General IT checks (ITGC)
  • Data Protection Act (DSG)
  • GDPR
  • CSA CAIQ
  • BSI C5
  • Directives and circulars of the Swiss Federal Social Insurance Office (BSV)
  • SWIFT

Our Services

Request offer

  • Risk management

    Risk management helps in the continuous identification of risks, their systematic assessment and processing, as well as in the transparent and comprehensive communication of residual risks. We join with you to define or optimize your risk management processes, including the following areas:

    • Establishment or optimization of risk management
    • Definition of processes for the identification, assessment, processing and communication of risks
    • Preparation of risk analyses for projects or organizations
    • Methodical and content support or the organization of workshops for risk identification and assessment
    • Handling of risk management activities

  • ICT Minimum Standard

    The ICT Minimum Standard is a comprehensive framework for protecting your organization against cyber risks.

    We support you in determining the maturity level of your organization. By assessing the status quo in the regard to the ICT Minimum Standard, we evaluate whether you are already compliant or vulnerabilities continue to exist. If the latter applies, we develop a pragmatic action plan that equips you to establish a security process within your organization and hence to comply with the ICT Minimum Standard in the long term.

  • Compliance assessment & management

    Our security specialists review the fulfillment of legal and regulatory requirements within the framework of the compliance assessment. Structured as a gap analysis, you receive an independent assessment of current implementation levels, as well as a set of recommendations to ensure compliance.

    We will gladly support you in the assessment of requirements defined by relevant laws or regulations and collaborate with your specialists to ensure an optimized structure. This is how we lay the foundations for effective and efficient implementation.

    Where necessary, our security specialists translate the requirements into the current information security management system or establish a suitable policy.

  • Support for certification

    We support you in building and certifying data protection and information security management systems according to ISO/IEC 27001, EPDG and VDSZ. In this regard, we ensure ideal preparation for upcoming certification and accompany the audits until successful completion of the certification process.