Security, Privacy, Compliance
-
How is Security Implemented at Safe Swiss Cloud?
Safe Swiss Cloud takes many steps to ensure the security of our customer’s data and computing resources:
- Keep the operating systems on the all the hosts of our cloud systems up to date.
- Two factor authentication TFA for access to cloud management systems.
- Keeping the cloud systems up to date.
- Physical security at the data centres.
- Regular network scans to detect irregularities.
- Regular employee security training.
- Regular reviews of access rights.
In addition, customers who delegate (parts of) their IT Operations to Safe Swiss Cloud benefit from the following:
- Anti-Malware installed on the customer’s servers.
- Security Operations Center (SOC): monitoring with daily review of security events.
- Regular backups to separate, independent systems which are out of reach for Ransomware.
- Managed firewalls.
- Penetration tests and vulnerability scans.
- Two factor authentication TFA for access to customer’s servers (VMs).
- Regular security updates (“patching”) of customer servers (VMs).
- Proactive customer confirmation of allowed users.
The above and our internal security processes are documented according to ISO 27001, 27017, 27018. They are audited and certified annually.
-
Which regulatory frameworks is Safe Swiss Cloud compliant with?
GDPR – General Data Protection Regulation: the European Union’s data privacy framework
Swiss Financial Markets Authority: FINMA Circular 2018/3 – Outsourcing Banks (PDF)
German Federal Financial Supervisory Authority: BAFIN / BAIT: Circular 10/2017 (BA): Supervisory Requirements for IT in Financial Institutions (PDF)
ISO 27001 / 27018: Information Security Management and PII in the cloud. Verify the official ISO certification of Safe Swiss Cloud at TüV Rheinland’s Certipedia page.
-
Which data centres do you use?
All computing resources and data are in Safe Swiss Cloud’s own world class data centers in Switzerland. In the heart of Europe, Switzerland is politically and geographically one of the most stable countries in the world.
Our processes and data centers have the appropriate certifications required for the compliance of businesses large and small.
Safe Swiss Cloud is a great choice for European companies and organisations who want to ensure compliance with EU data protection / GDPR.
-
Which laws apply to Safe Swiss Cloud infrastructure and hosting?
Respect for the privacy of individual and company data is required by Swiss law: SR 235.1 Federal Act on Data Protection. Safe Swiss Cloud computing resources and data are accordingly only accessible to our client or parties authorized by them.
Safe Swiss Cloud is compliant with the European Union’s (EU) comprehensive data protection laws, GDPR. For more details about European Union’s GDPR, visit this European Commission page.
As a 100% Swiss owned company, Safe Swiss Cloud is bound only by Swiss, European and accepted International legal practice.
The European Union (EU) considers Swiss data protection to be adequate to allow individuals and businesses in the EU to use Swiss based data processing. This makes Safe Swiss Cloud a good choice for EU companies who want to ensure compliance with the EU’s GDPR data protection directives.