Responsibility at BSI
Security, compliance and sustainability
Your safety is important to us. BSI is made up of entrepreneurs who take responsibility. For ourselves, for our customers and partners, and for the environment. Information on data security, data protection, compliance management, digital responsibility and ESG can be found on this page.
Standards, Certificates & CoCs
We take responsibility
ISO 27001 applies to organizations' information security. It sets out the requirements for a documented information security management system. BSI complies with this standard in full. The entire company and all of its services fall under it. The certification is valid for three years at a time.
ISAE 3402 Type II
ISAE 3402 is the internationally recognized audit standard for auditing outsourcing providers' internal control systems. The certificate includes information regarding the efficacy of the internal controls that have been outsourced to a provider. BSI has its Cloud service audited in accordance with ISAE 3402 every year.
Data Fairness Label
The SWISS INSIGHTS data fairness label helps businesses to deal with data (records) in a structured manner and to document their processes transparently. As a label holder, BSI is committed to the transparent handling of data and motivates its staff to engage actively with digital ethics. We value the exchange within the community and share our experiences.
Data protection: BSI Global Privacy
We protect not only our own personal data but also that of our business partners and customers, as well as data that we process on their behalf. BSI operates on the basis of and in accordance with GDPR, the Swiss Data Protection Act, the Swiss Data Protection Ordinance, and the recommendations of the Swiss Federal Data Protection and Information Commissioner.
BSI is part of EcoVadis and undergoes the EcoVadis rating on a regular basis. We are happy to share our scorecard with you via EcoVadis. For more information, please contact Joachim Schlegel.
GxP stands for "Good x Practice", and refers to all of the guidelines for good work practice that are of particular relevance in the fields of medicine, pharmaceuticals and pharmaceutical chemicals. BSI Life Sciences follows GxP methods and best practices.
Code of Conduct AI
In the development of AI systems, we are guided by six principles: damage prevention, fairness and self-determination, which are implemented through transparency, responsibility and ethical discourse. To this end, a process has been developed to ensure that digital-ethical considerations are adequately taken into account in the development and use of AI systems.
SWICO Digital Ethics Circle
The SWICO Digital Ethics Circle takes an in-depth look at ethical issues relating to data-based business models and identifies national and international best practices. Our head of AI, Christoph Bräunlich, is part of it.
BSI Code of Conduct
With our conduct, we assume responsibility and provide security – for our customers, partners and suppliers. The central principles of responsible conduct are set out in the company-wide BSI Code of Conduct (CoC). If you are interested in our CoC, please contact Joachim Schlegel.
BSI for the future
People and software are important to us. That is why we focus our ESG strategy on our customer relationships as well as on the well-being of our employees. We work continuously to provide our users with an excellent user experience and to meet the highest standards of cyber security and ethics. The energy for our services increasingly comes from renewable sources and we reduce consumption to the necessary minimum. BSI is made up of entrepreneurs who take responsibility. For ourselves, for our customers, partners, and for the environment. If you have any questions about sustainability at BSI, please contact Charlotte Malz.
Protection of whistleblowers
BSI implements the German Whistleblower Protection Act and the EU Whistleblower Directive with a whistleblower protection system. All stakeholders and interest groups can use this whistleblower protection system to submit information anonymously or by voluntarily providing personal data. This allows us to become aware of suspected cases and breaches at an early stage and resolve them independently.
Do you have any questions, or would you like to speak with someone? I would be happy to talk to you.
Florian Wöhrl, CISO (Chief Information and Security Officer), BSI