Security in IT is like locking your house or car – it doesn't stop the bad guys, but if it's good enough they may move on to an easier target.
insecor® is a Swiss company. Its core competence is a holistic approach to Information Risk Management.
CEO, owner of the company, MAS Law,
CAS Information Security
Languages: I speak German, English and French.
Who is working for insecor?
To best meet the needs of my clients I work closely with carefully selected cyber security professionals, ICT-Lawyers and trustworthy partner companies. Additional specialised companies are brought in depending on the specific project and its requirements, business sector and volume.
- Data Protection Regulations in Europe and Switzerland
Planning, supporting and implementing the organisation, processes and documents necessary to comply with the EU General Data Protection Regulation (GDPR) as well as the Swiss Federal Data Protection Act (DPA).
Revision of Switzerland's Data Protection Act (DPA): Please note that the totally revised DPA finally passed on the 25th of September 2020. The Swiss Parliament agreed on the last differences and approved the final text of the new DPA. Nevertheless, it is still uncertain when exactly the new DPA will enter into force. This will probably not be before mid-2022 at the earliest, because the ordinances for the new DPA have yet to be worked out, finalised and passed by the Federal Council. On June 23, 2021, the Federal Council published the draft of the totally revised Data Protection Ordinance. The consultation period lasted until October 14, 2021.
Brexit: the UK has left the EU. As part of the new trade deal, the EU has agreed to delay transfer restrictions for at least another four months, which can be extended to six months (known as the bridge). This enables personal data to flow freely from the European Economic Area (EEA) to the UK until either adequacy decisions are adopted or the bridge ends. The EU GDPR is an EU Regulation and no longer applies to the UK. If you operate inside the UK, you will need to comply with UK data protection law. The GDPR has been incorporated into UK data protection law as the UK GDPR, so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR. The ICO, the UK's Data Protection Authority, will also continue working closely with European supervisory authorities. For more information, please visit the specific web page of the ICO.
Swiss companies should additionally visit the Swiss Data Protection Authority's website from time to time for current information and the latest news.
Swiss-US Privacy Shield: The Swiss Data Protection Authority (Swiss DPA; FDPIC) has taken note of the CJEU ruling. This ruling is not directly applicable to Switzerland. In its position paper of 8 September 2020, the FDPIC concludes that, although the Swiss-US Privacy Shield guarantees special protection rights for persons in Switzerland, it does not provide an adequate level of protection for data transfers from Switzerland to the US pursuant to the Federal Act on Data Protection (FADP). Please find more information on the website of the Federal Council as well as on the website of the U.S. Department of Commerce (Swiss-US Privacy Shield FAQs).
- Mandate as a Data Protection Officer (DPO)
According to the applicable data protection laws: the GDPR as well as the DPA, i.e. the Swiss Federal Act on Data Protection (FADP).
- Technical and organisational measures (TOMs)
Planning and implementation of technical and organisational measures ("TOM") according to the applicable data protection laws (DPA; GDPR) and standards such as ISO/IEC 27000 series, NIST, BSI standards, etc.
- Governance and Risk Assessment
Regarding data protection and information security; e.g. security and privacy concepts for information technology systems and databases; legal evaluation of projects and information technology systems; defining information security and data protection measures within ICT projects; planning and implementing information security management systems (ISMS according to ISO 27001).
Regarding data protection and information security (in particular according to the ISO/IEC 27000 series).
- Project- and Process Management
Such as consultancy for ICT project managers, defining information security and data protection measures within ICT projects, etc.
Cybersecurity / Fight against cybercrime
- Consulting and conception
Authoring, revising and/or analysing concepts and designs.
- Cybersecurity audits
Situation analysis and assessment of IT infrastructure components, systems and applications.
- Services and solutions
Consultancy on the investigation of incidents (e.g. data leakage or cybercrime) and on solutions (software development, etc.), specifically for organisations and companies with increased security requirements (e.g. police authorities, public prosecutors, tax authorities, banks and insurance companies).
Methods and Standards
We emphasise an interdisciplinary approach and therefore close collaboration with the management body and legal department as well as the CISO, ICT project managers and computer scientists. We apply recognised standards, methods and best practices such as the ISO/IEC 27000 series, NIST, COBIT or the HERMES 5 project management method.
Some good reasons to choose insecor…
- Personal and Expert Advice
- Swiss Company
- Distinctive Quality Awareness
- Experience and Innovation
- Interdisciplinary Team thanks to highly qualified Partners
- Strong Commitment
Some highlights of my work…
- Various mandates as Data Protection Officer (DPO) according to the applicable data protection laws GDPR as well as the Swiss Data Protection Act
- Performing various audits, consulting, editing legal documents and giving training as Data Protection Officer (DPO)
- Carrying out various Privacy Impact Assessments (PIA) and recommending technical and organisational measures (TOMs)
- Authoring information security concepts (incl. protection needs analysis and risk analysis) for information systems containing sensitive data
- Mandate as the only external technical expert for data protection management systems (incl. ISO 27001 and ISO 27002) of the Swiss Accreditation Service (SAS)
- HIV - Handels- und Industrieverein des Kantons Bern
- IAPP - International Association of Privacy Professionals
- ISACA - Information Systems Audit and Control Association
- ISSS - Information Security Society Switzerland
- SF - Schweizer Forum für Kommunikationsrecht
- SGRP - Sicherheitsgruppe Schweiz
- SK ITS - Sector Committee Information Technology
- SPICT - Verein Swiss Police ICT
- swissICT - Schweizerischer Verband der Informations- und Kommunikationstechnologie
If you require any additional information please feel free to contact me and I will be happy to assist you.