European, secure, compliant

Which standards does Safe Swiss Cloud comply with?

Safe Swiss Cloud complies with the ISO27001, BAFIN/BAIT, FINMA RS 2018/3, GDPR, PCI-DSS, HIPAA standards and guarantees our customers data sovereignty.
The data of our customers are subject to the strictest data protection. Swiss and EU law prohibits the transfer of customer data to third parties without the consent of the customer. We strictly adhere to this.

ISO 27001 – Information Security Managment

Safe Swiss Cloud has had the ISO 27001 certification for Information Security Management Systems, which includes compliance with the ISO 27018 standard for Personally Identifiable Information (PII) in the cloud since 2015.

It has been audited and had its certification confirmed every year since then.

ISO/IEC 27001:2013 specifies the requirements for the creation, implementation, maintenance and continuous improvement of the information security management system in an organisation. For further details please visit the official ISO 27001 website.

ISO 27018 – Code of practice for protection of Personally Identifiable Information (PII) in public clouds acting as PII processors

ISO/IEC 27018:2014 defines generally accepted control objectives, controls and guidelines for implementation measures to ensure that personal data is protected in accordance with the privacy principles of ISO/IEC 29100 for Public Cloud Computing Environments. For more details, please visit the official ISO 27018 website. It is an extension of and part of the ISO 27001 certification.

ISO 27017 – Code of practice for information security controls based on ISO/IEC 27002 for cloud services

This standard provides guidance on the information security aspects of cloud computing, recommending and assisting with the implementation of cloud-specific information security controls supplementing the guidance in ISO/IEC 27002 and other ISO27k standards.

The code of practice provides additional information security controls implementation advice beyond that provided in ISO/IEC 27002, in the cloud computing context.

The standard advises both cloud service customers and cloud service providers, with the primary guidance laid out side-by-side in each section.

FINMA Circular 2018/3 – Outsourcing Banks

Circular 2018/3 of the Swiss Financial Market Supervisory Authority (FINMA) describes the conditions under which outsourcing solutions are compliant with requirements for appropriate service providers, banking secrecy and data protection. The official FINMA Circular can be downloaded here as a pdf file.

BAFIN / BAIT: Circular 10/2017 (BA): Supervisory Requirements for IT in Financial Institutions

Circular 10/2017 (BA) of BAFIN, the German financial markets regulator describes the supervisory requirements for IT in financial institutions. Safe Swiss Cloud is compliant with these requirements.

HIPAA – Health Insurance Portability and Accountability Act

The Health Insurance Portability and Accountability Act (HIPAA) sets the standard for sensitive patient data protection. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place and follow them to ensure HIPAA Compliance.

PCI DSS – Payment Card Industry Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.

The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). It also addresses the transfer of personal data outside the EU and EEA areas.

Which data centers are used?

Safe Swiss Cloud uses its own data centers in Switzerland.

Which laws are applicable?

The Swiss Federal Law on Data Protection: SR 235.1 requires respect for the privacy of individuals and companies. Accordingly, Safe Swiss Cloud’s computing resources and data are only available to our customers or to parties authorized by them.

The decision of the European Commission 2000/518/EC (Official Journal L 215/1 of 25.8.2000) states that Swiss law provides adequate protection for personal data and data transfers from member states to Switzerland (Art. 25(1) of the EU Directives).

This means that Safe Swiss Cloud is the optimal choice for European companies that want to ensure compliance with EU data protection directives.

Compliance with Safe Swiss Cloud

Learn more about what to focus on if you have compliance requirements for your cloud hosting.

Request a Compliance Briefing

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Analytics" category .
cookielawinfo-checkbox-marketing	1 year	This cookie is set by the GDPR Cookie Consent plugin to store the user consent for the cookies in the category "Marketing".
cookielawinfo-checkbox-necessary	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Necessary" category .
JSESSIONID	session	Used for Cross Site Request Forgery (CSRF) protection
sdsc	session	Signed data service context cookie used for database routing to ensure consistency across all databases when a change is made. Used to ensure that user-inputted content is immediately available to the submitting user upon submission
viewed_cookie_policy	1 year	The cookie is set by the GDPR Cookie Consent plugin to store whether or not the user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_ga_D83559EP8M	2 years	This cookie is installed by Google Analytics.
browser_id	5 years	This cookie is used for identifying the visitor browser on re-visit to the website.

Cookie	Duration	Description
bcookie	1 year	Browser Identifier cookie to uniquely indentify devices accessing LinkedIn to detect abust on the platform and diagnostic purposes
bscookie	1 year	Used for remembering that a logged in user is verified by two factor authentication
lang	session	Used to remember a user's language setting to ensure LinkedIn.com displays in the language selected by the user in their settings
li_gc	6 months	Used to store consent of guests regarding the use of cookies for non-essential purposes
li_mc	6 months	Used as a temporary cache to avoid database lookups for a member's consent for use of non-essential cookies and used for having consent information on the client side to enforce consent on the client side
lidc	24 hours	To facilitate data center selection