Security in IT is like locking your house or car – it doesn't stop the bad guys, but if it's good enough they may move on to an easier target.
Company Profile
insecor® is a Swiss company. Its core competence is the holistic approach to Information Risk Management.
Management
Liliane Mollet
CEO, owner of the company, MAS Law, CAS Information Security
Languages: I speak German, English and French.
Who is working for insecor?
To best meet the needs of my clients I work closely with carefully selected cyber security professionals, ICT-Lawyers and trustworthy partner companies. Additional specialised companies are brought in depending on the specific project and its requirements, business sector and volume.
Consultancy
- Data Protection Regulations in Europe and Switzerland
Planning, supporting and implementing the necessary organisation, processes and documents in order to be compliant with the EU General Data Protection Regulation (GDPR) as well as the Swiss Federal Data Protection Act (DPA).
Revision of Switzerland's Data Protection Act (DPA): At its session on August 31, 2022, the Federal Council enacted the new Data Protection Act (DPA) and its ordinances as of September 1, 2023. All legal texts, including the technical ordinances, are now published. Of particular interest are the new "DSG" (DPA) and its ordinance "DSV" (incl. explanations of the individual articles), plus the FAQs on data protection law. Read more (in German only)
Brexit: the UK has left the EU. As part of the new trade deal, the EU has agreed to delay transfer restrictions for at least another four months, which can be extended to six months (known as the bridge). This enables personal data to flow freely from the European Economic Area (EEA) to the UK until either adequacy decisions are adopted or the bridge ends. The EU GDPR is an EU Regulation and it no longer applies to the UK. If you operate inside the UK, you will need to comply with UK data protection law. The GDPR has been incorporated into UK data protection law as the UK GDPR, so in practice there is little change to the core data protection principles, rights and obligations found in the UK GDPR. The ICO, the UK's Data Protection Authority, will also continue working closely with European supervisory authorities. For more information, please visit the specific web page of the ICO. Swiss companies should additionally visit the Swiss Data Protection Authority's website from time to time for current information and the latest news.
Switzerland and USA - international data transfer: The Swiss Data Protection Authority (Swiss DPA; FDPIC) has taken note of the CJEU ruling. This ruling is not directly applicable to Switzerland. The FDPIC concludes in his position paper of 8 September 2020 that, although it guarantees special protection rights for persons in Switzerland, it does not provide an adequate level of protection for data transfer from Switzerland to the US pursuant to Switzerland's Data Protection Act (DPA). Read more on the website of Switzerland's Data Protection Authority regarding Transfer of data to the USA. Please also have a look at the US State Privacy Legislation Tracker. It provides an overview of the current developments in the data protection laws of the USA, which are seeking to align themselves with the level of data protection in the European Union (i.e., the GDPR). Nevertheless, the final assessment as to whether a data transfer to the USA may take place remains with the data exporting company. Before data may be transferred to a country with inadequate data protection, a corresponding risk assessment ("TIA - Transfer Impact Assessment") must be carried out with regard to the data transfer in question. Based on the result of this risk assessment, appropriate protective measures must be taken or the data transfer must be avoided altogether.
- Mandate as a Data Protection Officer (DPO)
In accordance with the applicable data protection laws: the GDPR as well as the DPA or the Federal Act on Data Protection (FADP).
- Technical and organisational measures (TOMs)
Planning and implementation of technical and organisational measures ("TOM") according to the applicable data protection laws (DPA; GDPR) and standards such as ISO/IEC 27000 series, NIST, BSI standards, etc.
- Governance and Risk Assessment
Regarding data protection and information security; e.g. security and privacy concepts for information technology systems and databases; legal evaluation of projects and information technology systems; defining information security and data protection measures within ICT projects; planning and implementing information security management systems (ISMS according to ISO 27001).
- Audits
Regarding data protection and information security (in particular according to the ISO/IEC 27000 series).
- Project and Process Management
Such as consultancy for ICT project managers, defining information security and data protection measures within ICT projects, etc.
Cybersecurity / Fight against cybercrime
- Consulting and conception
Authoring, revising and/or analysing concepts and designs.
- Cybersecurity audits
Situation analysis and assessment of IT infrastructure components, systems and applications.
- Services and solutions
Consultancy to clear up incidents (e.g. data leakage or cybercrime) and solutions (development of software, etc.) specifically for organizations and companies with increased security requirements (e.g. police authorities, public prosecutors, tax authorities, banks and insurance companies).
Methods and Standards
We emphasize the interdisciplinary approach and therefore the close collaboration with the management body and legal department as well as the CISO, ICT project managers and computer scientists. We apply recognized standards, methods and best practices, for example the ISO/IEC 27000 series, NIST, COBIT or the HERMES 5 project management method.
Some good reasons to choose insecor…
- Personal and Expert Advice
- Swiss Company
- Distinctive Quality Awareness
- Experience and Innovation
- Interdisciplinary Team thanks to highly qualified Partners
- Strong Commitment
Some highlights of my work…
- Various mandates as Data Protection Officer (DPO) according to the applicable data protection laws GDPR as well as the Swiss Data Protection Act
- Performing various audits, consulting, editing legal documents and giving training as Data Protection Officer (DPO)
- Carrying out various Privacy Impact Assessments (PIA) and recommending technical and organisational measures (TOMs)
- Authoring information security concepts (incl. protection needs analysis and risk analysis) for information systems containing sensitive data
- Mandate as the only external technical expert for data protection management systems (incl. ISO 27001 and ISO 27002) of the Swiss Accreditation Service (SAS)
Memberships
- HIV - Handels- und Industrieverein des Kantons Bern
- IAPP - International Association of Privacy Professionals
- ISACA - Information Systems Audit and Control Association
- SF - Schweizer Forum für Kommunikationsrecht
- SGRP - Sicherheitsgruppe Schweiz
- SK ITS - Sector Committee Information Technology
- SPICT - Verein Swiss Police ICT
- swissICT - Schweizerischer Verband der Informations- und Kommunikationstechnologie
Contact us
If you require any additional information please feel free to contact me and I will be happy to assist you.
insecor gmbh
Länggassstrasse 8
P.O. Box
3001 Berne
Switzerland
+41 31 302 09 18
info(at)insecor.ch
www.insecor.ch