Compliance and security

For us at baseVISION, compliance is not a single process but a fundamental part of our identity.

We are committed to ensuring that our services, internal processes, and security standards always meet the highest regulatory and ethical requirements. We understand compliance not just as a duty but as a responsibility towards our clients, our employees, and the entire digital world in which we operate.

Our goal is to build trust through transparent processes, consistent implementation of policies, and a culture where integrity and security always come first.

As a company committed to the highest standards of information security, baseVISION and the baseVISION SOC are ISO 27001:2022 certified. This certification underscores our commitment to implementing robust security controls and maintaining the integrity of our information management systems. In addition to complying with ISO 27001 requirements, we have integrated controls from other important standards such as NIS2, DORA, and the ICT Minimal Standard. By aligning our practices with these frameworks, we ensure comprehensive protection against evolving cyber threats and compliance with legal regulations in various jurisdictions. We leverage this extensive knowledge and experience both internally and on behalf of our clients to meet and support their compliance requirements.

ISMS (ISO 27001)

The foundation of information security

ISO 27001 is an internationally recognized standard for establishing, operating, and continuously improving an ISMS. It ensures that organizations protect assets such as financial data, intellectual property, employee data, and confidential third-party information in a structured manner. With the ISO 27001 certification, baseVISION demonstrates its ability to meet international security requirements. The standard includes 93 security controls that affect all areas of the company.

Central topics are:

  • Organization and commitment of company management
  • Conducting risk assessments and implementing appropriate measures
  • Establishing and maintaining policies and processes for information security
  • Regular monitoring and evaluation of the effectiveness of the ISMS
  • Internal audits and management reviews

How ISO 27001 certification helps us comply with other standards and regulations

Our certified Information Security Management System (ISMS) underscores our commitment to information security while also supporting compliance with other requirements such as NIS2, ICT Minimal Standard, or DORA. On this page, we show how our ISMS meets these requirements.


NIS2

NIS2: Enhancing cybersecurity for critical infrastructures

The NIS2 Directive aims to enhance the cybersecurity of critical infrastructures in the EU and ensure the resilience of networks and information systems against cyber threats.

The ISMS enables us to meet the requirements of NIS2:

  • Risk Management: The ISO 27001 standard requires regular risk assessments, which align with NIS2’s focus on managing cybersecurity risks.
  • Incident Reporting: The standard’s requirement for incident management procedures supports NIS2’s mandate for rapid reporting of security incidents.
  • Supply Chain Security: ISO 27001’s focus on third-party security helps ensure that NIS2’s supply chain security requirements are met.
  • Regular Audits: ISO 27001’s requirements for internal audits align with NIS2’s need for regular security audits.

ICT

Minimal Standard – ICT Basic Protection in Switzerland

The “ICT Minimal Standard” sets the minimum requirements for ICT security in Switzerland and ensures that organizations implement basic security measures to protect their ICT infrastructure and data.

With our ISO 27001 ISMS, we meet the requirements of the ICT Minimal Standard:

  • Risk Assessments: Regular risk assessments according to ISO 27001 ensure that security measures are updated to address new threats.
  • Data Security: ISO 27001’s focus on data protection through encryption and access controls aligns with the requirements of the ICT Minimal Standard.
  • Basic Security Measures: The controls of ISO 27001 include basic security measures such as firewalls, antivirus software, and encryption, which are essential for compliance with the ICT Minimal Standard.
  • Incident Response: The procedures included in the standard for responding to security incidents help organizations meet the ICT Minimal Standard requirements for monitoring and responding to security incidents.

DORA

Ensuring the operational resilience of financial institutions

The Digital Operational Resilience Act (DORA) aims to ensure the operational resilience of financial companies in the EU and address the risks associated with digital transformation and increasing reliance on ICT systems.

With our ISO 27001 ISMS, we meet the DORA requirements as follows:

  • ICT Risk Management: ISO 27001’s comprehensive risk management framework supports DORA’s requirements for managing ICT risks.
  • Business Continuity: The standard’s focus on ensuring the availability and resilience of critical ICT systems aligns with DORA’s requirements for business continuity.
  • Testing and Evaluations: Regular testing and evaluations of ICT systems according to ISO 27001 help meet DORA’s requirements for identifying and addressing vulnerabilities.
  • Incident Reporting: ISO 27001’s procedures for incident management support DORA’s need to report significant ICT-related incidents.