The 7 steps

Information Security
Screening of internal and external staff
Regular training and awareness sessions
Individual assessments on Information Security
Strong password policy with limited validity
Two-step access verification
Network segmentation
Systematic review of accesses and logs
Data transport via secure HTTPS protocol
Hashed passwords
Daily back-ups
Pentests at regular intervals
Systematic deletion of data 90 days after completion of screenings
Application of “Privacy by design & by default” principles
Operational excellence verified by Quality Assurance team
Business continuity planning
Compliance with applicable laws and regulations including the Swiss data protection law and GDPR
Explicit consent formalised through declaration of consent
Informed consent through transparent verification programmes and FAQ information sheets
Roles and responsibilities clearly defined
Incident Response Team
Incident reporting and alert procedures
Implementation of a continuity plan, regularly tested