News

Information security along the whole supply chain

Information is more important than ever today. At the same time, there has been an increasing focus on protecting information, which in turn raises the significance of standards, such as ISO 27001 that covers various aspects relating to information security. ISO 27001 certification is important for many of our customers – not only for selected service providers or data centers, but for the whole data processing supply chain.

For this reason, we already had cloudscale.ch certified in accordance with ISO 27001 as early as 2019, consequently committing ourselves to regular audits. Following our recent successful "recertification audit", our certificate was renewed without interruption. You will find the current certificate, which is valid until 2025, on our website and can download it for your files.

In addition to the universally applicable ISO/IEC 27001:2013 standard, we were also audited in accordance with the ISO/IEC 27017:2015 and 27018:2019 standards. These two standards were developed as extensions to ISO 27001 and define complementary controls that are particularly relevant to cloud services and to processing personally identifiable information in public clouds.

Continuous improvement as an integral component

We only recently announced that an ISAE 3000 report, which also deals with information security, is available if required. Although it is a coincidence that these two announcements are made so close together, it is no coincidence that this topic is consistently relevant for us. While ISO 27001 certificates are valid for three years, the standard mandates annual audits through the accredited certification body. This means that once the certificate has been issued, there are two "surveillance audits" and then a more comprehensive "recertification audit" for the renewal of the certificate.

In addition to this, internal audits also need to be performed every year. To achieve certification, it is not, however, enough for the tested processes to meet the requirements of the standard at the time of the audit. Moreover, the processes themselves need to be continuously further improved.

Useful features for enhanced security

With cloudscale.ch, you are choosing a cloud provider that not only takes data protection and information security extremely seriously, but also monitors this by means of independent audits. As mentioned above, it is essential that information security is implemented at all levels. We therefore provide a range of features that help customers enhance data security in their own areas of responsibility.

These include various options for collaboration in our cloud control panel, which mean that you can use cloud services in a corporate context, too, without needing to share accounts and passwords. Graduated access rights for each project and the use of two-factor authentication (2FA) enable you to add extra protection. And if you already use an "OpenID Connect"-compatible identity provider, such as Keycloak or ZITADEL, you can also benefit from single sign-on when logging into our cloud control panel. This means that you not only control the log-in process yourself, but you make things more convenient for your employees at the same time.

Although standards, processes and audits are sometimes perceived to be a little "dry", information security is not created on paper, but needs to be lived out in day-to-day routines. Our recent recertification audit in accordance with ISO 27001, 27017 and 27018 once again proved that we have our eye on the ball here at cloudscale.ch.

With trust comes responsibility!
Your cloudscale.ch team