Security Policy

Initial situation and scope

SwissIX certifies itself according to the ISO standard 27001:2013 and is committed to fulfilling these requirements. The scope of the certification covers the operation of the entire SwissIX Internet Exchange.

Aims of information security

SwissIX has set itself the following goals:

  • Adequate protection of information with regard to availability, confidentiality and integrity (CIA).
  • Fulfillment of legal, contractual and internal requirements in the field of information security.
  • Use of ISO 27001 as an everyday tool for quality assurance and constant further development of the association.

The ISMS of the SwissIX

The SwissIX Information Security Management System documents all procedures and rules that serve to ensure SwissIX's information security towards its stakeholders. The ISMS is communicated continuously, and training on it is provided in stages. The application of these regulations is mandatory and binding.

Continuous improvement

The ISMS of the SwissIX is constantly reviewed and adapted to the current situation. In the spirit of continuous improvement, the competences of all the agencies involved are constantly being developed.

Organisation and responsibilities

Internal employees / General

All employees of SwissIX who carry out activities within the scope of the ISMS are responsible for information security in their area of expertise. Managers at all levels of the hierarchy are obliged to provide the necessary resources and skills. They are obliged to implement all necessary security measures in the long term within the scope of their area of responsibility. They guide their employees and train them according to their needs.

CISO

The CISO is responsible for the development and definition, monitoring, control, operation and continuous improvement of the ISMS. He reports to the management.

Asset Owner

Asset owners set, document, and apply rules for the permitted use of information and values allocated to them.

Risk Owner

Risk owners conduct the information security risk assessment and treatment process for their assigned risks. They analyse and assess the risks and define appropriate measures.

External employees / employees of third parties

The regulations of SwissIX in the context of information security apply accordingly to persons who carry out activities within the scope of the ISMS as external employees or employees of third parties, and must be complied with by them.

Controls

SwissIX reviews information security at scheduled and regular intervals with internal and external audits. The results of these checks feed into continuous improvement.

Sanctions

SwissIX agrees with third parties on contractual penalties which may be claimed in the event of repeated or individual serious breaches of the safety regulations and instructions. In such cases, internal employees are subject to labour law sanctions.