Compliance

As a company committed to the highest standards of information security, baseVISION and the baseVISION SOC are ISO 27001:2013 certified. This certification underscores our dedication to implementing robust security controls and maintaining the integrity of our information management systems. In addition to meeting the ISO 27001 requirements, we have integrated controls from other critical standards and regulations such as NIS2, DORA and the IKT-Minimalstandard. By aligning our practices with these frameworks, we ensure comprehensive protection against evolving cyber threats and regulatory compliance across multiple jurisdictions. We use this knowledge and experience internally as well as in our customer engagements, where we help customers fulfill their own compliance requirements.

How ISO 27001 certification helps our company comply with key standards and regulations

Our ISO 27001 certified Information Security Management System (ISMS) not only demonstrates our commitment to information security but also helps us comply with various other standards and regulations. On this page we explain how our ISMS aligns with other regulations and standards such as NIS2, the IKT Minimalstandard and DORA.

Our commitment to regulations and standards

ISO 27001 - The Foundation of Information Security

ISO 27001 is an internationally recognized standard that provides a framework for establishing, implementing, maintaining and continually improving an ISMS. It ensures that organizations can manage the security of assets such as financial information, intellectual property, employee details and information entrusted to them by third parties.

By achieving and maintaining ISO 27001 certification, baseVISION has demonstrated, and continues to demonstrate, its capability and willingness to fulfill international security standards and regulations. The standard defines 93 information security controls and covers topics across the whole company. Some of the most relevant requirements are:

  • Organizational context and documented management commitment

  • Performing risk assessments and implementing controls to mitigate the identified risks

  • Establishing policies and procedures to manage information security

  • Monitoring and reviewing the ISMS regularly to ensure its effectiveness

  • Undergoing regular internal audits and management reviews

NIS2 - Enhancing Cybersecurity for Critical Infrastructure

The NIS2 Directive aims to raise the level of cybersecurity of critical infrastructure within the EU, ensuring the resilience of networks and information systems against cyber threats.

Our ISMS allows us to fulfill NIS2 requirements such as:

  • Risk Management: ISO 27001 requires regular risk assessments, which align with NIS2’s emphasis on managing cybersecurity risks.

  • Incident Reporting: The standard’s requirement for incident management procedures supports NIS2’s need for prompt incident reporting. ISO 27001 itself sets no reporting deadlines, so the NIS2 timelines (an early warning within 24 hours and an incident notification within 72 hours of becoming aware of a significant incident) have to be built into the incident management procedures explicitly.

  • Supply Chain Security: ISO 27001’s focus on third-party security helps ensure compliance with NIS2’s supply chain security requirements.

  • Regular Audits: The internal audit requirements of ISO 27001 align with NIS2’s need for regular security audits and independent assessments.

IKT Minimalstandard - Basic ICT Security in Switzerland

The “IKT Minimalstandard” defines the minimum requirements for ICT security in Switzerland, ensuring that organizations implement basic security measures to protect their ICT infrastructure and data.

With our ISO 27001 ISMS we fulfill “IKT Minimalstandard” requirements such as:

  • Risk Assessments: The regular risk assessments required by ISO 27001 ensure that security measures are updated to address new threats.

  • Data Security: ISO 27001’s focus on data protection through encryption and access controls aligns with IKT Minimalstandard requirements.

  • Baseline Security Measures: ISO 27001’s controls include fundamental protective measures such as network security controls (firewalls), protection against malware and cryptography, which are essential for IKT Minimalstandard compliance.

  • Incident Response: The standard’s incident response procedures help organizations meet IKT Minimalstandard’s requirements for monitoring and responding to security incidents.

DORA - Ensuring Operational Resilience in Financial Entities

The Digital Operational Resilience Act (DORA) aims to ensure the operational resilience of financial entities within the EU, addressing the risks associated with digital transformation and the increasing reliance on ICT systems. DORA applies directly to financial entities; for ICT service providers such as baseVISION, its requirements arrive mainly through the contractual obligations that financial entities must impose on their ICT third-party providers.

With our ISO 27001 ISMS we fulfill DORA requirements such as:

  • ICT Risk Management: ISO 27001’s comprehensive risk management framework supports DORA’s requirements for managing ICT risks.

  • Business Continuity: The standard’s focus on ensuring the availability and resilience of critical ICT systems aligns with DORA’s business continuity requirements.

  • Testing and Assessments: The regular testing and vulnerability management of ICT systems required by ISO 27001 help meet DORA’s requirements for identifying and addressing vulnerabilities. Note that DORA additionally mandates threat-led penetration testing (TLPT) for designated financial entities, which goes beyond what ISO 27001 itself requires.

  • Incident Reporting: ISO 27001’s incident management procedures support DORA’s need for classifying and reporting major ICT-related incidents within DORA’s own timelines for initial, intermediate and final reports.

Conclusion

The ISO 27001 certification not only strengthens baseVISION’s security posture but also helps us comply with other critical standards and regulations such as NIS2, the IKT Minimalstandard and DORA. With our certified ISMS we ensure robust cybersecurity, protect critical infrastructure and maintain operational resilience.

Contact

Please contact our CISO or DPO if you have any questions about baseVISION’s compliance with regulations and standards.