Status Assessment and Qualified Recommendations

Since 2018, the Federal Office for National Economic Supply (FONES) and numerous industry associations have recommended the implementation of the ICT Minimum Standard. For some industries, the standard is even mandatory: for Swiss energy providers since July 1, 2024, and for gas providers likely from July 1, 2025. This ensures your organization is optimally protected against cyber risks. As an independent consulting company, Redguard supports you in assessing your security level and develops a tailored implementation plan for your organization. With a systematic approach and attention to your organization's needs, we help you implement the ICT Minimum Standard efficiently.

Selected references on the subject

ICT Minimum Standard Status Assessment

Our specialists determine the maturity level of your organization according to the ICT Minimum Standard. We follow a systematic approach that considers not only the size (e.g., large companies, SMEs) but also the specific risk-based approach of your organization. Based on the status assessment, a current-to-target analysis (gap analysis) can be conducted. This identifies the areas requiring action within your organization and allows for the creation of an implementation plan.

Assessment process:

  1. Joint definition of the requirements for the status assessment, project plan, and identification of interview partners
  2. You provide us with all relevant information for document review in advance
  3. We conduct on-site interviews with relevant leaders, specialists, and key service providers
  4. We analyze your current situation against the ICT Minimum Standard
  5. Presentation of results (on-site or remote) including concrete recommendations for action

Implementation of the ICT Minimum Standard

According to the risk-based approach of your organization, the ICT Minimum Standard allows for a degree of flexibility. We assist you in developing and implementing a pragmatic and cost-effective approach to comply with the ICT Minimum Standard, tailored to the specific conditions of your organization (e.g., personnel and financial resources).

Compliance with the ICT Minimum Standard

Security is not a state that can be achieved once and for all. Rather, cyber security is a process that must be practiced, regularly reviewed, and improved. We help you not only comply with the standard but also establish a process tailored to your needs to continuously optimize your maturity level. The goal is to sustainably protect your organization against cyberattacks and ensure long-term compliance with the ICT Minimum Standard.

Industry Standards

The ICT Minimum Standard serves as a recommendation and possible guideline for improving ICT resilience. It is primarily aimed at operators of critical infrastructures. However, it is also applicable to any company or organization and freely available.

To facilitate the application of the minimum standard in critical sectors, the Economic Supply of Switzerland, in collaboration with industry associations of the affected sectors, has established the minimum standard to address the specificities of certain sectors. This effort led to the development of sector-specific minimum standards for the following sectors:

  1. Water Supply
  2. Sewage
  3. Food
  4. Gas Supply – mandatory from July 1, 2025
  5. Public Transport
  6. Electricity – mandatory since July 1, 2024
  7. Waste Disposal
  8. District Heating and Cooling

The Benefits of an ICT Minimum Standard Assessment

  • You have access to a team of security experts with various specializations and years of experience
  • Certainty about the security level of your organization according to the ICT Minimum Standard
  • Independent and neutral assessment of your cyber security maturity level
  • Customized and pragmatic implementation plan
  • Compliance with the ICT Minimum Standard and ensuring state-of-the-art cyber security
  • Flexible, scalable, and pragmatic: We adapt to your needs and constraints

If you have any questions or need assistance improving your cyber security framework, we welcome your contact