CloudCompliance

The ISO/IEC 27000 series of standards helps organizations protect information assets. ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). In addition, this standard provides a set of best practices as well as details on security controls for managing information risks.

ISO/IEC 27017:2015 (International Electrotechnical Commission, IEC) provides guidelines for information security controls that apply to the provision and use of cloud services.

ISO/IEC 27017:2015 (International Electrotechnical Commission, IEC) provides guidelines for information security controls that apply to the provision and use of cloud services.

Compliance with the GDPR is a top priority for MTF and our customers. The aim of the GDPR is to strengthen the protection of personal data in Europe. For all of us, this affects the way we do business. MTF takes a strictly customer-centric approach to protection, control and compliance. We want to help you implement the GDPR in the best possible way.

The Swiss Financial Market Supervisory Authority ("FINMA") is responsible for the examination and supervision of banks, insurance companies, financial institutions, collective investment schemes, fund managers and insurance intermediaries. FINMA is responsible for the protection of creditors, investors and policyholders and for the functioning of the financial markets in Switzerland.

The U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes privacy and security requirements for organizations responsible for maintaining the confidentiality of individuals' protected health information (PHI). These organizations meet the definition of "covered entities" or "business associates" under HIPAA.

The Payment Card Industry Security Standards Committee (PCI Security Standards Council) is a global forum dedicated to the continuous development, improvement, storage, dissemination and implementation of security standards for the protection of account data.

The National Institute of Standards and Technology (NIST) has developed Federal Information Processing Standard (FIPS) Publication 140-2 as a security standard. This lists requirements for encryption modules, including hardware, software and firmware, for U.S. federal agencies. FIPS 140-2 certification was established to protect digitally stored, unclassified, but still confidential information.

The Swiss Federal Law on Data Protection: SR 235.1 regulates the protection of the privacy of individuals and companies. MTF is a Swiss company which is fully subject to Swiss data protection law. We are already working on a template for the upcoming new DSGVO affiliated data protection of Switzerland.