Cloud  Compliance 

ISO 9001:2015 "Quality Management Systems" is the central standard of the ISO 9000 ff. series of standards and contains standards for the quality management system towards our customers.

The ISO/IEC 27000 series of standards helps organizations protect information assets. ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). In addition, this standard provides a set of best practices as well as details on security controls for managing information risks.

ISO/IEC 27017:2015 (International Electrotechnical Commission, IEC) provides guidelines for information security controls that apply to the provision and use of cloud services.

ISO/IEC 27017:2015 (International Electrotechnical Commission, IEC) provides guidelines for information security controls that apply to the provision and use of cloud services.

Compliance with the GDPR is a top priority for MTF and our customers. The aim of the GDPR is to strengthen the protection of personal data in Europe. For all of us, this affects the way we do business. MTF takes a strictly customer-centric approach to protection, control and compliance. We want to help you implement the GDPR in the best possible way.

The Swiss Financial Market Supervisory Authority (FINMA) is responsible for Switzerland's financial markets and thus for the audit and supervision of banks, insurance companies and financial institutions. In Circular 2018/3, FINMA sets out the supervisory requirements for outsourcing solutions offered by banks, insurance companies and financial institutions.

The U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes privacy and security requirements for organizations responsible for maintaining the confidentiality of individuals' protected health information (PHI). These organizations meet the definition of "covered entities" or "business associates" under HIPAA.

The Payment Card Industry Security Standards Committee (PCI Security Standards Council) is a global forum dedicated to the continuous development, improvement, storage, dissemination and implementation of security standards for the protection of account data.

The National Institute of Standards and Technology (NIST) has developed Federal Information Processing Standard (FIPS) Publication 140-2 as a security standard. This lists requirements for encryption modules, including hardware, software and firmware, for U.S. federal agencies. FIPS 140-2 certification was established to protect digitally stored, unclassified, but still confidential information.

The Swiss Federal Law on Data Protection: SR 235.1 regulates the protection of the privacy of individuals and companies. MTF is a Swiss company which is fully subject to Swiss data protection law. We are already working on a template for the upcoming new DSGVO affiliated data protection of Switzerland.