Governance & Compliance


IT security, business continuity and compliance: the support of Security Lab Advisory SAGL.

Every company, bank, fiduciary, professional firm and institution must guarantee IT security and the protection of its data and know-how, while ensuring business continuity and compliance with the regulations of its sector. Security Lab Advisory SAGL supports organisations of all sizes and sectors in achieving their Governance & Compliance objectives, offering specialised consulting for the secure and efficient management of security and regulatory compliance.

RELATED SERVICES
01

ICT Management & Cyber Security Governance (CIO/CISO)

In the current digital landscape, companies must offer innovative, secure, and high-performance technological services to remain competitive. The role of the CIO (Chief Information Officer) and the CISO (Chief Information Security Officer) is crucial to ensure:

  • Efficiency and quality of ICT processes
  • Effective management of cybersecurity risks
  • Control of outsourcers and IT suppliers
  • Compliance with international regulations and best practices

Security Lab Advisory SAGL supports organizations in defining and implementing an advanced ICT Management & Cyber Security Governance model, based on globally recognized frameworks:

  • COBIT – for IT governance and control
  • ITIL – for IT service management
  • NIST Cybersecurity Framework (CSF) – for cybersecurity risk management

Upon request, we also support the ISO 27001 certification process, ensuring compliance with international information security standards.

02

Business Continuity: Planning and ISO 22301 Certification

In the current landscape, organizations must be prepared to manage crises and unforeseen incidents to ensure operational continuity and business resilience. An effective Business Continuity Plan (BCP) enables:

  • Limiting the impact of critical events
  • Ensuring continuity of essential services
  • Protecting data, resources, and corporate reputation
  • Ensuring compliance with regulations and international standards

Security Lab Advisory SAGL supports organizations in:

  • Designing the Business Continuity Plan (BCP)
  • Implementing a Business Continuity Management System
  • Preparing for ISO 22301 Certification, if required

With our support, your company will be prepared to face emergencies, maintaining operations and security over time.

03

ISO 27001 and Other Corporate Compliance Certifications

Security Lab Advisory SAGL supports organizations in the development of customized management systems, designed to meet the specific size and needs of the company. Our goal is to facilitate the achievement of international certifications, improving security, efficiency, and regulatory compliance.

  • Information Security and Privacy: ISO 27001 (information security management), ISO 27017 (cloud security controls), ISO 27018 (protection of personal data in public clouds), ISO 27701 (privacy information management)
  • Business Continuity: ISO 22301
  • IT Service Management: ISO 20000
  • Occupational Health and Safety: ISO 45001
  • Environmental Management and Sustainability: ISO 14001
  • Quality Management: ISO 9001
  • Social Responsibility: SA 8000

With a strategic and multidisciplinary approach, our team of experts will guide you in implementing an effective and certifiable management system, ensuring compliance with international standards and providing a competitive edge in the market.

04

LPD & GDPR Consulting: Data Protection Compliance

Security Lab Advisory SAGL offers a specialized consultancy service for compliance with the LPD and GDPR, supporting companies and organizations in aligning with personal data protection regulations.

Thanks to a team of experts with technological, organizational, managerial, and legal skills, we assist companies in implementing tailored strategies to:

  • Comply with the Swiss Federal Act on Data Protection (LPD, revised version in force since 1 September 2023) and the EU General Data Protection Regulation (GDPR).
  • Assess and mitigate the risks related to the processing of personal data.
  • Implement security policies and corporate data governance.
  • Manage data breaches, Data Protection Impact Assessments (DPIA) and requests from data subjects.

Rely on Security Lab Advisory SAGL for personalized support that complies with international data protection standards.

05

DPO Service: External Data Protection Advisor (DPO/GDPR)

Personal data protection regulations such as the GDPR (General Data Protection Regulation) and the Swiss LPD (Federal Act on Data Protection) provide for the appointment of a Data Protection Officer (DPO) or data protection advisor: the GDPR makes the appointment mandatory for many organisations (Art. 37 GDPR), while the revised LPD allows private controllers to appoint a data protection advisor (Art. 10 LPD).

To ensure multidisciplinary expertise and avoid conflicts of interest, both regulations also allow the role to be entrusted to qualified external consultants under a service contract.

DPO Service Agreement with Security Lab Advisory SAGL

Security Lab Advisory SAGL offers an outsourced DPO service, assigning the role to a specialized team in data protection. Our approach guarantees:

  • Independence and regulatory compliance according to LPD and GDPR.
  • Management of privacy and data security for the company.
  • Strategic and operational consultancy for compliance with regulations.
  • Support in risk assessment and implementation of security measures.

Rely on our experts to ensure the protection of your company's data and full compliance with regulatory requirements.

06

Operational Risk and Digital Resilience: FINMA and DORA Regulations

The FINMA regulations in Switzerland and the DORA (Digital Operational Resilience Act) regulation in the European Union require financial sector operators and their ICT providers to adopt an advanced model for managing and controlling operational risks and digital resilience.

  • FINMA Circular 2023/1 "Operational risks and resilience – banks", in force since 1 January 2024, governs operational risk management and operational resilience for the banking sector.
  • The DORA regulation (Regulation (EU) 2022/2554), applicable since 17 January 2025, strengthens ICT risk management, incident reporting, resilience testing and third-party risk management for financial entities within the European Union.
  • FINMA Circular 2018/3 "Outsourcing – banks and insurers" provides the requirements for the management of outsourced services, including outsourced IT services.

Solutions for Regulatory Compliance

With a deep understanding of the financial sector and solid experience in risk management, cyber security, and business continuity, we provide support to banks and fiduciaries for:

  • Assessment of operational risks according to international best practices.
  • Implementation of digital resilience strategies to ensure operational continuity.
  • Management of cyber security in compliance with FINMA and DORA.
  • Oversight of IT providers and outsourced services, ensuring regulatory compliance.

Rely on our experience to ensure full compliance with FINMA and DORA regulations, strengthening the security and operational continuity of your financial institution.

07

Critical Infrastructure Cybersecurity: LSIn, NIS2 and Industry Regulations

Cybersecurity for critical infrastructures is now a priority for all organizations, especially those managing essential services such as energy, transport, and healthcare. The evolving regulatory landscape imposes new standards for resilience and cybersecurity protection, including:

  • The Swiss Federal Act on Information Security (LSIn), including the obligation for operators of critical infrastructures to report cyberattacks to the National Cyber Security Centre (NCSC), and the ICT Minimum Standard (Standard minimo TIC) for ICT resilience.
  • Specific regulations for critical sectors such as healthcare, transport, and energy.
  • The NIS2 Directive (Directive (EU) 2022/2555), which strengthens the security of the supply chain across the EU and also affects non-EU companies that provide services to entities in scope.

These regulations require organizations to implement advanced cybersecurity models, align with national strategies, and collaborate with authorities and regulatory bodies.

Regulatory Compliance and Cybersecurity Support

Security Lab Advisory SAGL helps companies achieve compliance with LSIn, NIS2, and other regulations by offering:

  • Analysis of regulatory requirements and gaps compared to best practices.
  • Evaluation of cybersecurity risks and mitigation strategies.
  • Implementation of cybersecurity governance systems for networks, infrastructures, and data.
  • A systemic approach to cybersecurity protection, ensuring security and competitiveness.

Rely on our expertise to secure your organization, protect critical infrastructures, and comply with the new cybersecurity regulations.