Responsibility at BSI

Security, compliance and sustainability

Your safety is important to us. BSI is made up of entrepreneurs who take responsibility. For ourselves, for our customers and partners, and for the environment. Information on data security, data protection, compliance management, digital responsibility and ESG can be found on this page.

Standards, Certificates & CoCs

We take responsibility

ISO 27001

ISO 27001 applies to organizations' information security. It sets out the requirements for a documented information security management system. BSI complies with this standard in full. The entire company and all of its services fall under it. The certification is valid for three years at a time.

ISAE 3402 Type II

ISAE 3402 is the internationally recognized audit standard for auditing outsourcing providers' internal control systems. The certificate includes information regarding the efficacy of the internal controls that have been outsourced to a provider. BSI has its cloud service audited in accordance with ISAE 3402 every year.

Data Fairness Label

The SWISS INSIGHTS data fairness label helps businesses to engage with data (records) in a structured manner and to document their processes transparently. As a label holder, BSI is committed to the transparent handling of data and motivates its staff to engage actively with digital ethics. We value the exchange within the community and share our experiences.

Data protection: BSI Global Privacy

We protect not only our own personal data, but also that of our business partners and customers, as well as data that we process on their behalf. BSI operates on the basis of and in accordance with GDPR, the Swiss Data Protection Act, the Swiss Data Protection Ordinance, and the recommendations of the Swiss Federal Data Protection and Information Commissioner.

EcoVadis Community

BSI is part of the EcoVadis community and undergoes the EcoVadis rating on a regular basis. We are happy to share our scorecard with you via EcoVadis. For more information, please contact Joachim Schlegel.

GxP

GxP stands for "Good x Practice", and refers to all of the guidelines for good work practice that are of particular relevance in the fields of medicine, pharmaceuticals and pharmaceutical chemicals. BSI Life Sciences follows GxP methods and best practices.

Code of Conduct AI

In the development of AI systems, we are guided by six principles: damage prevention, fairness and self-determination, which are implemented through transparency, responsibility and ethical discourse. To this end, a process has been developed to ensure that digital-ethical considerations are adequately taken into account in the development and use of AI systems.

SWICO Digital Ethics Circle

The SWICO Digital Ethics Circle takes an in-depth look at ethical issues relating to data-based business models and identifies national and international best practices. Our head of AI, Christoph Bräunlich, is a member.

BSI Code of Conduct

With our conduct, we assume responsibility and provide security – for our customers, partners and suppliers. The central principles of responsible conduct are set out in the company-wide BSI Code of Conduct (CoC). If you are interested in our CoC, please contact Joachim Schlegel.

Sustainability

BSI for the future

People and software are important to us. That is why we focus our ESG strategy on our customer relationships as well as on the well-being of our employees. We work continuously to provide our users with an excellent user experience and to meet the highest standards of cyber security and ethics. The energy for our services increasingly comes from renewable sources and we reduce consumption to the necessary minimum. BSI is made up of entrepreneurs who take responsibility. For ourselves, for our customers, partners, and for the environment. If you have any questions about sustainability at BSI, please contact Charlotte Malz.

Protection of whistleblowers

BSI implements the German Whistleblower Protection Act and the EU Whistleblower Directive with a whistleblower protection system. All stakeholders and interest groups can use this whistleblower protection system to submit information anonymously or by voluntarily providing personal data. This allows us to become aware of suspected cases and breaches at an early stage and resolve them independently.

Any questions?

Do you have any questions, or would you like to speak with someone? I would be happy to talk to you.

Florian Wöhrl, CISO (Chief Information and Security Officer), BSI

florian.woehrl@bsi-software.com
