Information security

On this page you will find important information and instructions relating to IT and information security.

This provides an introduction to the risks and solutions associated with data protection in today's information systems. The main themes of data protection are presented from the point of view of possible technical and organisational measures, such as encryption, anonymisation, authentication, etc. The Guide is designed as an aid to implementing appropriate measures to ensure optimal and appropriate protection of personal data, by making the links with current regulations and standards. 

The Guide is primarily intended for people in charge of information systems, whether technicians or not, who are directly confronted with the problem of personal data management.

A private controller and its private processor must log the storage, alteration, reading, disclosure, deletion and destruction of data during the automated processing of personal data. These recommendations are intended to provide a summary of what is involved in this form of logging and what needs to be done to comply with Article 4 DPO in technical terms.

The private Controller and its Processor (see Art. 5 DPO) must draw up processing regulations for automated processing operations if they process sensitive personal data on a large scale or carry out high risk profiling.

The federal body responsible and its Processor (see Art. 6 DPO) shall draw up processing regulations for automated processing operations if they process sensitive personal data; carry out profiling; process personal data in accordance with Article 34 paragraph 2 letter c FADP ; make personal data accessible to cantons, foreign authorities, international organisations or private persons; link data collections with each other; or operate an information system or manage data collections with other federal bodies.

The basis for the processing regulations – in relation to ICT projects in the Federal Administra-tion – is the ISDP concept.