Sovereign, Secure, Compliant
ISO Security Certifications and Compliance with Industry Standards

Certified security and compliance
Safe Swiss Cloud specializes in cloud computing, IT operations and IT security services. As a leading provider of IT infrastructure outsourcing and hosting for companies with high data protection standards and strict compliance requirements, we meet all applicable standards and certifications that ensure the data security and data sovereignty of our customers.
Safe Swiss Cloud is 100% Swiss
- The company is a privately owned Swiss business.
- Our data centers are all located in Switzerland.
This allows us to guarantee the data sovereignty of our customers, as we do not fall under the Cloud Act or other regulations that could affect the data sovereignty of our customers.
Safe Swiss Cloud uses 100% renewable electricity for cloud computing & IT services
Our data centers have been using 100% renewable electricity from water and wind for more than ten years. Since 2024 we have been TÜV certified according to «TÜV SÜD Standards CMS 89 Accounting Renewable Energies (08/2018)». In this way, we support our customers in reducing their CO2 footprint.

We are a member of Swiss Hosting. Find out about the advantages of Swiss Made Hosting here. See our listing on the Swiss Made Software platform.
Overview
Below you will find an overview of our certifications and the standards we comply with.
Safe Swiss Cloud is certified safe & compliant
Certificates
ISO 27001
Information Security Management
ISO 27017
Code of practice for information security controls based on ISO/IEC 27002 for cloud services
ISO 27018
Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors
100% renewable electricity
TÜV SÜD Standards CMS 89 Accounting: 100% renewable electricity
Security, privacy, data protection and compliance
GDPR
General Data Protection Regulation of the European Union
DSG
Swiss Data Protection Act for the Protection of Personal Data
FINMA RS 2018/3
Outsourcing for banks according to the Swiss Financial Market Supervisory Authority (FINMA)
BAFIN/BAIT
Circular of the German Federal Financial Supervisory Authority
DORA
European Digital Operational Resilience Act for the Financial Sector
FMH
FMH recommendations for doctors on the DSG
HIPAA
Health Insurance Portability and Accountability Act
GxP
Good Clinical, Laboratory, and Manufacturing Practices
C5
Cloud Computing Compliance Criteria Catalogue of the German Federal Office for IT Security
NIS2
Network and Information Security Directive 2 of the European Union
Certificates
Internationally recognized certifications for the highest security, data protection and sustainability standards.
Safe Swiss Cloud has held the ISO 27001 certification for Information Security Management Systems since 2015, which includes compliance with the ISO 27018 standard for Personally Identifiable Information (PII) in the cloud.
It has been audited and had its certification confirmed every year since then.
ISO/IEC 27001:2022 specifies the requirements for the creation, implementation, maintenance and continuous improvement of the information security management system in an organisation. For further details please visit the official ISO 27001 website.
ISO 27017
Code of practice for information security controls based on ISO/IEC 27002 for cloud services
This standard provides guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls supplementing the guidance in ISO/IEC 27002 and other ISO27k standards.
The code of practice in this standard provides additional information security controls implementation advice beyond that provided in ISO/IEC 27002, in the cloud computing context.
The standard advises both cloud service customers and cloud service providers, with the primary guidance laid out side-by-side in each section.
ISO 27018
Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors
ISO/IEC 27018:2019 defines generally accepted control objectives, controls and guidelines for implementation measures to ensure that personal data is protected in accordance with the privacy principles of ISO/IEC 29100 for Public Cloud Computing Environments. For more details, please visit the official ISO 27018 website. It is an extension of and part of the ISO 27001 certification.
Security, data protection and compliance
Safe Swiss Cloud guarantees compliance with strict legal and industry-specific standards for maximum data security and regulatory compliance.
GDPR
General Data Protection Regulation (EU)
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.
Swiss DPA
The Swiss Federal Act on Data Protection (FADP or DPA) is compatible with the EU’s GDPR regulations and specifies the laws governing the privacy of individual data in Switzerland.
FINMA Circular 2018/3
Outsourcing Banks
Circular 2018/3 of the Swiss Financial Market Supervisory Authority (FINMA) describes the conditions under which outsourcing solutions are compliant with requirements for appropriate service providers, banking secrecy and data protection. The official FINMA Circular can be downloaded here as a pdf file.
BAFIN / BAIT: Circular 10/2017 (BA)
Supervisory Requirements for IT in Financial Institutions
Circular 10/2017 (BA) of BAFIN, the German financial markets regulator, describes the supervisory requirements for IT in financial institutions. Safe Swiss Cloud is compliant with these requirements.
DORA
Digital Operational Resilience in the Financial Sector
The DORA Regulation (Digital Operational Resilience Act) is an EU-wide regulation to strengthen digital operational resilience in the financial sector, which has been mandatory since 17 January 2025. It requires financial institutions and their ICT third-party service providers to meet uniform standards for ICT risk management, incident reporting, and the resilience of critical IT systems.
FMH Recommendations for doctors
The FMH is Switzerland’s professional association for doctors. The FMH has published details of what doctors, medical practitioners and healthcare services have to consider in order to be compliant with the Swiss DPA (German only).
Safe Swiss Cloud meets these requirements.
HIPAA
Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.
GxP
Good Clinical, Laboratory, and Manufacturing Practices
Quality standards and guidelines applied in the pharmaceutical, biotechnology and food industries, but also in other regulated industries such as medical technology and the cosmetics industry.
C5
Cloud Computing Compliance Criteria Catalogue
Germany’s leading standard for testing and certifying the security of cloud services, developed by the Federal Office for Information Security (BSI). The C5 catalog covers all core areas of cloud security – organizational, technical and procedural controls – and includes topics such as data protection, physical security, governance and incident management.
NIS2
Securing network and information systems
The NIS2 Directive is an EU-wide regulation to strengthen the cybersecurity and resilience of network and information systems, which has been in force since 17 October 2024. It extends the scope of the previous NIS Directive to a wider range of private and public sectors.
Applicable laws
The Swiss Federal Law on Data Protection: SR 235.1 requires respect for the privacy of individuals and companies. Accordingly, Safe Swiss Cloud’s computing resources and data are only available to our customers or to parties authorized by them.
The decision of the European Commission 2000/518/EC (Official Journal L 215/1 of 25.8.2000) states that Swiss law provides adequate protection for personal data and data transfers from member states to Switzerland (Art. 25(1) of the EU Directive).
This means that Safe Swiss Cloud is the optimal choice for European companies that want to ensure compliance with EU data protection directives.
Get in touch

Contact us for a non-binding compliance briefing and find out:
- Which standards and certificates are necessary for secure and confident cloud computing.
- How we help you ensure compliance requirements for your cloud infrastructure and applications.
FAQ
Frequently Asked Questions
Safe Swiss Cloud takes many steps to ensure the security of our customers’ data and computing resources:
- Keeping the operating systems on all the hosts of our cloud systems up to date.
- Two-factor authentication (TFA) for access to cloud management systems.
- Keeping the cloud systems up to date.
- Physical security at the data centres.
- Regular network scans to detect irregularities.
- Regular employee security training.
- Regular reviews of access rights.
In addition, customers who delegate (parts of) their IT Operations to Safe Swiss Cloud benefit from the following:
- Anti-Malware installed on the customer’s servers.
- Security Operations Center (SOC): monitoring with daily review of security events.
- Regular backups to separate, independent systems which are out of reach for Ransomware.
- Managed firewalls.
- Penetration tests and vulnerability scans.
- Two-factor authentication (TFA) for access to customer’s servers (VMs).
- Regular security updates (“patching”) of customer servers (VMs).
- Proactive customer confirmation of allowed users.
The above and our internal security processes are documented according to ISO 27001, 27017 and 27018. They are audited and certified annually.
GDPR – General Data Protection Regulation: the European Union’s data privacy framework
Swiss Financial Markets Authority: FINMA Circular 2018/3 – Outsourcing Banks (PDF)
German Federal Financial Supervisory Authority: BAFIN / BAIT: Circular 10/2017 (BA): Supervisory Requirements for IT in Financial Institutions (PDF)
ISO 27001 / 27018: Information Security Management and PII in the cloud. Verify the official ISO certification of Safe Swiss Cloud at TÜV Rheinland’s Certipedia page.
All computing resources and data are in Safe Swiss Cloud’s own world class data centers in Switzerland. In the heart of Europe, Switzerland is politically and geographically one of the most stable countries in the world.
Our processes and data centers have the appropriate certifications required for the compliance of businesses large and small.
Safe Swiss Cloud is a great choice for European companies and organisations who want to ensure compliance with EU data protection / GDPR.
Respect for the privacy of individual and company data is required by Swiss law: SR 235.1 Federal Act on Data Protection. Safe Swiss Cloud computing resources and data are accordingly only accessible to our client or parties authorized by them.
Safe Swiss Cloud is compliant with the European Union’s (EU) comprehensive data protection laws, GDPR. For more details about European Union’s GDPR, visit this European Commission page.
As a 100% Swiss-owned company, Safe Swiss Cloud is bound only by Swiss, European and accepted international legal practice.
The European Union (EU) considers Swiss data protection to be adequate to allow individuals and businesses in the EU to use Swiss-based data processing. This makes Safe Swiss Cloud a good choice for EU companies who want to ensure compliance with the EU’s GDPR data protection directives.

