Our Risk Management & Compliance Services
The systematic detection and assessment of all risks is a vital prerequisite for consistently taking appropriate - which also means financially viable - measures. Systematic risk management improves your security level, reduces your risks and ensures that compliance requirements are met.
We advise and support you on the following areas:
- Development of your risk management system
- Implementation of a risk analysis based on ISO 27005
- Systematic identification of risks
- Provision of support for an efficiently run information security management tool (HiScout)
Every day there are new cyberattacks on companies. Cyber security is therefore an enormously important topic for the business success of a company. With InfoGuard‘s Digital Footprint Risk Monitoring Service, you keep an eye on your company‘s cyber risks!
The service offers you the following advantages:
• You know your digital footprint on the Internet and discover your attack surface.
• You know the vulnerabilities that are also visible and exploitable from the point of view of an external attacker.
• You can continuously assess the cyber risks of your company and provide to your management valuable dashboard and reports about your security score around the clock.
• You receive an external risk assessments based on periodic reviews by InfoGuard cyber security experts with risk-based measures and recommendations.
Learn more about our Digital Footprint Risk Monitoring Service here.
Our long-standing experience in the Cyber Security field gives us the expertise to assist you in setting up or optimising your cyber supply chain risk management (C-SCRM). A systematic C-SCRM improves the security levels in your supply chain, reduces your own cyber risks and ensures compliance.
We advise and assist you on the following subjects:
- Carrying out a risk analysis of your supply chain
- Implementing appropriate security measures
- Defining a systematic cyber supply chain risk management
- Supporting the organisation via a C-SCRM tool
- Constructing appropriate incident response management
You can find out more about our Supply Chain Cyber Risk Management Services here or in our brochure
We advise our customers regarding the applicable requirements such as internal control systems, data privacy, national legislation, regulations for business records management, IKS, DSG, EU GDPR, NIS2, PCI DSS, FINMA, SWIFT, etc.). InfoGuard helps you to implement the wide ranging requirements arising from compliance in an optimal way and operate them efficiently. We support you in analysing and implementing security measures according to ISO 27001 and 27002 so that there is the continual assurance that legal requirements are consistently being complied with.
We advise and support you on the following areas:
- Formulation of a security strategy aligned to corporate governance
- GAP analysis in terms of regulations, guidelines and directives
- Advice and support in formulating a security policy and the associated user guidelines and directives
- Implementation of a systematic compliance management system
- Implementation of data privacy regulations that conform to the law
- Provision of support for an efficiently run information security management tool ISMS (HiScout)
Our offering:
The HiScout ISMS module is geared toward meeting the requirements of the ISO 27001/27002 of international standards, and provides a reliable basis for the information management system’s control loop. HiScout not only focuses on the documentation of output, but also supports users through the automation and standardization of complex and distributed security processes in daily operations.
HiScout supports you on the following areas:
- Collection and evaluation of all assets in the scope
- IT risk management related to security objectives and selectable threat and vulnerability catalogs
- Assessment based on aspects of the threat, vulnerabilities and response levels
- Complete mapping of the audit (and self-assessment) process (from planning to addressing the findings) with users free to manage the tested requirements as they wish
- Centralized monitoring of actions (process support, evaluation of implementation statuses and origin for management purposes, assessment of impending actions)
- Procedural mapping of security considerations and action to be taken
- Practice-related mapping and cross-references between your specific requirements, e.g. ISO/IEC 27001/2, COBIT, BSI IT baseline protection, NIST Cyber Security Framework
Do you want to improve your security by establishing an information security management system (ISMS) in accordance with ISO 27001 or optimise your existing ISMS? Our experienced and certified ISO 27001 lead auditors will support you in your efforts to obtain ISO 27001 certification and the ePrivacy label and fulfil PCI DSS requirements.
We advise and support you on the following areas:
- Construction and roll-out of your information security management system based on ISO 27001
- (Re-) certification based on ISO 27001
- Implementation of a risk analysis based on ISO 27005
- Development of your ISMS based on ISO 27001
- Auditing of your ISMS based on ISO 27001
- Construction and roll-out of a data security management system based on the data privacy law
- Provision of support for an efficiently run information security management system using a field tested HiScout-Tool including a data privacy module
Many Swiss companies are scared of a cyber-attack. An important first step is to run checks on their own cyber security. Our Gap Analysis is carried out based on the internationally recognised NIST Cyber Security Framework (CSF), providing you with the transparency you need.
How you benefit from our NIST CSF gap analysis:
- You are given an overview of your current cyber security situation.
- You are made aware of the major risks and they have been assessed by independent experts.
- You understand your strengths/weaknesses profile with respect to the NIST CSF.
- You receive concrete recommendations for the measures that need to be taken - prioritised on the basis of the risk assessment - and you can start optimising your cyber security straight away.