
ISO 27001 Certification Support

We help you build, improve, and certify your Information Security Management System (ISMS) based on ISO/IEC 27001:

  • Gap analysis and ISMS maturity assessments
  • ISMS development, documentation, and implementation
  • Internal training and coaching for ISMS roles
  • Full support during certification audits and registrar interactions

ICT & Cyber Risk Management

Our risk management services help you anticipate, quantify, and manage ICT and cyber risks holistically:

  • Risk management frameworks based on ISO 27005, NIST, and COBIT
  • Threat and vulnerability assessments
  • Development of risk registers and mitigation strategies
  • Regulatory alignment, including DORA, NIS2, and FINMA guidelines for operational resilience, outsourcing, and cyber risk in the Swiss financial sector

IT Audit & Assurance

Our independent IT audits provide clarity, assurance, and accountability:

  • Internal audits aligned with ISO 27001 and NIS2
  • IT general controls (ITGC) and process audits
  • Audit readiness assessments (e.g. for ISAE 3402, SOC 2, COBIT)
  • Post-audit remediation planning and compliance monitoring

Cloud Risk Assessment & Governance

Modern cloud environments require specialized control frameworks and risk strategies. We offer:

  • Risk assessments for IaaS, PaaS, and SaaS platforms
  • Benchmarking against ISO 27017/27018 and CSA CCM
  • Governance design for hybrid and multi-cloud environments, including alignment with the Shared Responsibility Model
  • AI-specific risk evaluation, including the use of cloud-based artificial intelligence and machine learning services, focusing on privacy, explainability, and regulatory alignment with the upcoming EU AI Act and Swiss data protection law

Data Protection Advisory (nFADP & GDPR)

We support organizations in implementing and maintaining privacy compliance in line with Swiss and European data protection frameworks:

  • Data protection impact assessments (DPIAs)
  • Records of processing activities (RoPA) and privacy policy development
  • Design and validation of Technical and Organizational Measures (TOMs)
  • Guidance on sector-specific or cantonal data protection laws, especially for public-sector institutions and healthcare providers