Statement for Information Security Management System (ISMS)

Overall statement

Statement for the Information Security Management Systems (ISMS) at baseVISION

By implementing ISO 27001:2022, we demonstrate our commitment to information security, build trust with our customers and partners, and ensure the protection of our information assets. This standard provides a structured approach to managing information security risks, ensuring that we can operate securely and efficiently in today’s digital landscape. Your data’s security is our top priority, and we are dedicated to maintaining the highest standards to protect it. We have implemented all ISO 27001 controls, which are audited yearly by an official external authority.

For more information on our compliance measures and how we are safeguarding your digital operations, please contact our CISO (ciso@basevision.ch).

Leadership

At baseVISION, we have implemented an Information Security Management System (ISMS) based on ISO 27001:2022 to ensure the highest standards of information security for our customers, partners, and ourselves. This starts with leadership's commitment to being actively involved in establishing, maintaining, and continually improving our ISMS. By aligning our information security policies with our strategic direction, we demonstrate our dedication to protecting people, data and infrastructure.

Planning

Our proactive approach involves identifying and assessing information security risks and opportunities. By doing so, we develop effective strategies to mitigate risks and capitalize on opportunities, ensuring data security. This planning process helps us stay ahead of potential threats and maintain a robust security posture.

With written customer approval, we will provide contract documents to approved authorities. The customer shall notify baseVISION before documents are forwarded to third parties not agreed in the service contract or Statement of Work.

Support

We recognize that understanding and commitment are crucial for the successful implementation of our ISMS. We ensure that adequate resources, competence, awareness, and communication are in place. Yearly training ensures that our employees are well-trained and equipped with the necessary skills to handle information securely and that everyone understands their role in maintaining information security.

Operation

Operational controls play a crucial role in our Information Security Management System (ISMS). We have established comprehensive processes to achieve our information security objectives, including implementing controls to protect information assets and managing incidents effectively. This ensures that data is safeguarded and that we can respond swiftly to any security incidents.

Performance Evaluation

Regular performance evaluation ensures that our ISMS remains effective and relevant. We continuously monitor, measure, analyze, and evaluate the performance of our ISMS to identify areas for improvement. This ongoing assessment helps us ensure that our information security objectives are met and that we can provide a high level of protection for information and data.

Improvement

Continuous improvement is a fundamental principle of our ISMS. We prioritize and take corrective actions to address nonconformities and continually improve the effectiveness of our ISMS. This commitment to improvement helps us stay ahead of emerging threats and maintain a robust information security posture. Our management regularly reviews the progress and results.

Organizational Controls

We have established robust organizational controls to manage information security risks effectively. Our clear policies and procedures ensure that we can protect data and maintain a high standard of information security.

People Controls

Our people are our greatest value in maintaining information security. We emphasize the importance of training and awareness to ensure that our employees understand their roles and responsibilities. Regular training sessions and awareness campaigns keep our team informed about the latest security threats and best practices. Our human resources department ensures security at every stage: from hiring, throughout employment, and during offboarding. We have robust processes and controls in place for security and confidentiality.

Physical Controls

We have implemented physical controls to protect our physical assets and premises. By controlling and monitoring physical access to sensitive areas, we prevent unauthorized access and potential security breaches.

Technical Controls

Our technical controls are designed to safeguard our information systems and data. We ensure that sensitive information is securely deleted when no longer needed, preventing unauthorized access and data breaches. Assessments and penetration tests ensure continuous review and improvement to counter new or emerging threats and risks.

Incident Response

We have a robust incident response plan in place to manage and mitigate information security incidents. The baseVISION SOC is equipped to handle incidents promptly and thoroughly, ensuring that any issues are resolved quickly and effectively. This proactive approach ensures that potential threats are handled swiftly and action is taken where necessary.

Threat Intelligence

We leverage threat intelligence to understand and respond to emerging threats. By collecting, analyzing, and acting on threat data, we strengthen our information security and enhance our ability to protect your data. This proactive approach ensures that we can stay ahead of potential threats.