SwissIX certifies itself according to the ISO standard 27001:2013 and is committed to fulfilling these requirements. The scope of the certification covers the operation of the entire SwissIX Internet Exchange.
SwissIX has set itself the following goals:
The SwissIX Information Security Management System documents all procedures and rules that serve to ensure The SwissIX's information security towards its stakeholders. The ISMS is continuously communicated and trained in stages. The application of these regulations is mandatory and binding.
The ISMS of the SwissIX is constantly reviewed and adapted to the current situation. In the sense of continuous improvement, the competences of all the agencies involved are constantly being developed.
All Employees of SwissIX who carry out activities within the scope of the ISMS are responsible for information security in their area of expertise. Managers at all levels of the hierarchy are obliged to provide the necessary resources and skills. They are obliged to implement all necessary security measures in the long term within the scope of their area of responsibility. They guide their employees and train them according to their needs.
The CISO is responsible for the development and definition, monitoring, control and operation and continuous improvement of the ISMS. He reports to the management.
Asset owners set, document, and apply rules for the permitted use of information and values allocated to them.
Risk owners conduct the information security risk assessment and treatment process for their assigned risks. They analyse and assess the risks and define appropriate measures.
The regulations of SwissIX in the context of information security apply accordingly to persons who carry out activities as external or employees of third parties within the scope of the ISMS and must be complied with by them.
SwissIX reviews information security at scheduled and regular intervals with internal and external audits. The results of these checks feed into continuous improvement.
SwissIX agrees with third parties on contractual penalties which may be claimed in the event of repeated or individual serious breaches of the safety regulations and instructions. In such cases, internal employees are subject to labour law sanctions.