For our clients, outsourcing means trusting external teams. We do everything we can to justify this trust. With our name we stand for Swiss Quality, Security and Reliability.
Our US clients benefit from this know-how: the highest quality and precision for their software development and their IT.
Business objectives drive globalization, transforming operational models and organizational structures. As technology is evolving faster than anything else, security and quality have become the foremost concern in our business relationships.
Digitization is taking hold rapidly across business verticals, and this has created a need to evaluate the security systems of organizations of every kind. This is not only part of our way of thinking but the foundation of our business model.
IT Quality with us
With our support you can give your digital assets a performance boost in a safe and secure way!
The special quality of our services and processes knows only one criterion: the high demands and expectations that our clients and we as IT specialists have of ourselves.
Our SwissShore quality management ensures compliance with the special requirements of quality assurance as well as an effective security concept.
In addition, quality management ensures that our very high level of process quality and the services offered to our clients are maintained. All relevant and valid certification systems form the basis for our integrated quality management.
SwissShore's services in software development, infrastructure management, and information security have earned them a sound reputation as a trustworthy business partner with the highest quality, precision, and security for which Switzerland is best known.
Quality is more than the standardization of quality standards alone.
Quality also means taking responsibility in all of our work and actions.
We take responsibility for all our clients, projects, employees, and the environment.
This is the unwritten foundation on which our understanding of quality rests.
On 25 September 2020, the Swiss Parliament adopted the revised Federal Act on Data Protection (FADP-new).
The Federal Council will decide on the entry into force after the 100-day referendum period has expired. This article summarizes the most significant changes for companies.
At a glance
Within these four areas, there are actually 14 specific FISMA requirements that vendors, partners, and contractors need to address:
In short:
The Federal Information Security Modernization Act of 2014 (FISMA 2014) updates the Federal Government's cybersecurity practices by:
FISMA 2014 codifies the Department of Homeland Security’s role in administering the implementation of information security policies for federal Executive Branch civilian agencies, overseeing agencies’ compliance with those policies, and assisting OMB in developing those policies.
The legislation provides the Department authority to develop and oversee the implementation of binding operational directives to other agencies, in coordination and consistent with OMB policies and practices.
It also:
The Federal Information Security Modernization Act of 2014 amends the Federal Information Security Management Act of 2002 (FISMA).
ISO9001 sets out the criteria for a quality management system and is the only standard in the family that can be certified to (although this is not a requirement). It can be used by any organization, large or small, regardless of its field of activity. In fact, there are over one million companies and organizations in over 170 countries certified to ISO9001.
This standard is based on a number of quality management principles including a strong customer focus, the motivation and implication of top management, the process approach and continual improvement. These principles are explained in more detail in ISO’s quality management principles. Using ISO9001 helps ensure that customers get consistent, good-quality products and services, which in turn brings many business benefits.
Checking that the system works is a vital part of ISO9001. It is recommended that an organization performs internal audits to check how its quality management system is working.
An organization may decide to invite an independent certification body to verify that it is in conformity to the standard, but there is no requirement for this.
Alternatively, it might invite its clients to audit the quality system for themselves.
ISO/IEC 17050-1:2004 specifies general requirements for a supplier's declaration of conformity in cases where it is desirable, or necessary, that conformity of an object to the specified requirements be attested, irrespective of the sector involved.
ISO/IEC 17050 has been developed with the objective of providing general requirements for a supplier’s declaration of conformity.
It addresses one of the three types of attestation of conformity, namely attestation undertaken by the first party (e.g. the supplier of a product). Other types are second-party attestation (e.g. where a user issues an attestation for the product the user is using) or third-party attestation. Each of these three types is used in the market in order to increase confidence in the conformity of an object.
This part of ISO/IEC 17050 specifies requirements applicable when the individual or organization responsible for fulfilment of specified requirements (supplier) provides a declaration that a product (including service), process, management system, person or body is in conformity with specified requirements, which can include normative documents such as standards, guides, technical specifications, laws and regulations. Such a declaration of conformity can also make reference to the results of assessments by one or more first, second or third parties. Such references are not to be interpreted as reducing the responsibility of the supplier in any way.
These general requirements are applicable to all sectors. However, these requirements might need to be supplemented for specific purposes, for example for use in connection with regulations.
A supplier's declaration of conformity of a product (including service), process, management system, person or body to specified requirements can be substantiated by supporting documentation under the responsibility of the supplier.
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.
Like other ISO management system standards, certification to ISO/IEC 27001 is possible but not obligatory. Some organizations choose to implement the standard in order to benefit from the best practice it contains while others decide they also want to get certified to reassure customers and clients that its recommendations have been followed.
ISO (in general) does not perform certification.
ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.
The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size, or nature.
CSA Security Trust Assurance and Risk (STAR) - Security on the Cloud Verified.
The industry's most powerful program for security assurance in the cloud.
The Security Trust Assurance and Risk (STAR) Program encompasses key principles of transparency, rigorous auditing, and harmonization of standards. Companies who use STAR indicate best practices and validate the security posture of their cloud offerings.
The STAR registry documents the security and privacy controls provided by popular cloud computing offerings. This publicly accessible registry allows cloud customers to assess their security providers in order to make the best procurement decisions.
What is the GDPR? Europe’s new data privacy and security law includes hundreds of pages’ worth of new requirements for organizations around the world. This GDPR overview will help you understand the law and determine what parts of it apply to you.
The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU. The regulation was put into effect on May 25, 2018.
The GDPR will levy harsh fines against those who violate its privacy and security standards, with penalties reaching into the tens of millions of euros.
With the GDPR, Europe is signaling its firm stance on data privacy and security at a time when more people are entrusting their personal data with cloud services and breaches are a daily occurrence. The regulation itself is large, far-reaching, and fairly light on specifics, making GDPR compliance a daunting prospect, particularly for small and medium-sized enterprises (SMEs).
As the GDPR continues to be interpreted, we’ll keep it up to date on evolving best practices.
Data protection principles
Accountability
The GDPR says data controllers have to be able to demonstrate they are GDPR compliant. And this isn’t something you can do after the fact: If you think you are compliant with the GDPR but can’t show how, then you’re not GDPR compliant. Among the ways you can do this:
Data security
You are required to handle data securely by implementing “appropriate technical and organizational measures.”
Technical measures mean anything from requiring your employees to use two-factor authentication on accounts where personal data are stored to contracting with cloud providers that use end-to-end encryption.
Organizational measures are things like staff trainings, adding a data privacy policy to your employee handbook, or limiting access to personal data to only those employees in your organization who need it.
If there is a data breach, companies have 72 hours to tell the data subjects or face penalties.
Data protection by design and by default
From now on, everything companies do in their organization must, “by design and by default,” consider data protection. Practically speaking, this means companies must consider the data protection principles in the design of any new product or activity. The GDPR covers this principle in Article 25.
Consent
There are strict new rules about what constitutes consent from a data subject to process their information.
Conclusion
We’ve just covered all the major points of the GDPR in a little less than 800 words. The regulation itself (not including the accompanying directives) is 88 pages.
For any further questions, feel free to contact us.
PCI SECURITY STANDARDS OVERVIEW
The PCI Security Standards Council touches the lives of hundreds of millions of people worldwide. A global organization, it maintains, evolves and promotes Payment Card Industry standards for the safety of cardholder data across the globe.
The PCI Security Standards Council (PCI SSC) is a global forum that brings together payments industry stakeholders to develop and drive adoption of data security standards and resources for safe payments worldwide.
PCI Security Standards are developed specifically to protect payment account data throughout the payment lifecycle and to enable technology solutions that devalue this data and remove the incentive for criminals to steal it. They include standards for merchants, service providers, and financial institutions on security practices technologies and processes, and standards for developers and vendors for creating secure payment products and solutions.
We have been audited for PCI conformity!
Swiss Quality in Outsourcing!
[Grüezi = "Greetings" in Swiss German]