Login
  • CyberSeal -
    the seal of quality

    The CyberSeal confirms that an IT service provider implements appropriate technical and organizational measures to guarantee its customers adequate protection against cyber risks. The CyberSeal contributes to increasing the cyber resilience of Swiss SMEs.

    Benefit now from up to CHF 150 discount on the CyberSeal Audit

    Logo_CyberSeal_EN_PUR_400x400_mitHintergrund

Who is the Swiss CyberSeal for?

IT service providers with their registered office and customer base in Switzerland can receive the CyberSeal if they assume overall or partial responsibility for the setup and operation of IT and/or configure and provide cloud solutions (e.g., Microsoft 365) on behalf of SME customers.

Request Audit

CyberSeal

Added value for the IT service provider

Grafik zur Reduktion von Risiken

Reduction of implementation, operational and security risks

Grafik zur IT-Diensleister-Sensibilisierung

Cybercrime awareness and establishment of a common language

Grafik zur IT-Dienstleister Vertrauen

Fulfillment of minimum IT security requirements creates trust

Grafik zur IT-Diensleister Markposition

Better market position and advantages in insurance contracts

Added value for the end customer

Grafik Endkunden Cyberattacken

Reduction of risks regarding cyberattacks

Grafik Endkunden Vorteile

Fewer incidents, faster remediation and lower costs in the event of an incident

Grafik zur Wahl des Dienstleisters

Independent quality seal simplifies the choice of IT service provider

Grafik zum Endkunden Fokus

Stronger focus on core business

The CyberSeal auditing-process

The process follows a three-year cycle.  In year one, a full CyberSeal audit is carried out. In years two and three, a maintenance audit is carried out for quality control. In year four the process is repeated with a full audit.

(1) Interest

In case of interest, the IT service provider registers by means of a form. He receives the current CyberSeal checklist. An appointment for the audit is arranged.

(2) Self-declaration

He will be asked to complete and submit a self-declaration for each item on that checklist, as appropriate.

(3) Audit

The auditor checks the check points in the interview and at the console (in-depth on-site inspection). The auditor will only address self-declation questions if clarification is required.

(4) Feedback

If no major deviations have occurred, the CyberSeal Seal of approval is handed over together with the audit report.

(5) Implementation

Measures to eliminate deviations and to process indications shall be implemented within one year. This is checked in the maintenance audit.

(6) Maintenance

In years two and three after the audit, a maintenance audit is performed by self-declaration. The checklist is to be submitted updated. The auditor reviews the information and discusses any changes to the standard by telephone.

Request Audit

CyberSeal - Contents of the standard

IT service providers have a direct impact on the cyber resilience of SMEs. It is therefore imperative that IT service providers can demonstrate basic competencies in the following areas: 

  • Organization: e.g. Documentation, Aufgabenteilung, Ausbildung

  • Technology: e.g. data protection, authorizations, backup

  • Processes: e.g. Change und incident management, monitoring

The detailed audit checkpoints and processes are based on the valid CyberSeal Audit Manual of the Alliance Digital Security Switzerland (German and French only).

Terms and conditions for testing and use (German)
Inhalte des CyberSeal Standards

What is being tested

The CyberSeal checklist (German) defines the requirements for the IT service provider and is the defined standard for the seal of approval. The precise specifications are intended to promote the uniformity of the audit. Based on a declaration of the IT service provider by means of the current checklist, the auditor obtains an initial picture. The checklist is divided into 26 chapters.

Request Audit

Important documents at a glance

The CyberSeal audit requirements are reviewed annually and aligned with new threat conditions. The following documents are part of the CyberSeal Standard and will be submitted at the time of audit registration.

CyberSeal Audit Bericht

CyberSeal Audit Report

The report describes the results of the pass or fail audit. The report identifies major and minor deviations as well as notes and recommendations for cybersecurity improvement.

CyberSeal Audit Handbuch

CyberSeal Audit Manual
The manual describes the application of the CyberSeal checklist, the terms used, and the audit process. It also explains the requirements and how to deal with possible deviations.

CyberSeal Audit Manual (German)

CyberSeal Prüfliste

CyberSeal Checklist

This is the comprehensive checklist with the specific questions for conducting the CyberSeal audit. After the audit, the audit report is issued along with the filled-in checklist.                                                 

CyberSeal Checklist (German)

 

Dealing with deviations, indications and recommendations

Major Deviation, preventing CyberSeal

Failure to meet an Audit Manual requirement for a Priority One item on the checklist will result in a Major Deviation.  

Dealing with major deviations
The IT service provider has 3 months to correct the major deviation. After expiry of the deadline, the auditor assesses the rectification. Additional costs of CHF 600 are incurred for this review. If the major deviation is insufficiently resolved, no CyberSeal is issued and the process must be restarted.

Minor Deviation

If a requirement is only partially fulfilled for a checklist item designated with priority one, this results in a minor deviation

Dealing with minor deviations
The minor deviation must be handled by the IT service provider until the next sustainment audit. Then the deviation will be audited. A clearly identifiable improvement must have been implemented. Incomplete fulfillment of the requirement can be declared again as a minor deviation for the next audit/maintenance audit.

Notes and Recommendatoins

Notes are findings of the auditor that can contribute to an improvement of the cybersecurity of the IT service provider and its customers.

The IT service provider decides for itself whether and how the notes are implemented. The auditor will discuss an implementation in the next maintenance audit.

The Costs

The CyberSeal quality seal is valid for 3 years. It includes a comprehensive audit in year 1 worth CHF 3'700, followed by an annual maintenance audit in years two and three worth CHF 600 each.

CyberSeal Audit
Certified IT-Service Provider

  • Comprehensive audit in the first year at the customer's site
  • Compact CyberSeal checklist
  • Detailed documentation of the results
  • List of vulnerabilities and recommendations
  • Maintenance audits in the first two years included
CHF 4'900 excl. VAT
Request Audit

Maintenance Audit

  • Telephone call in years two and three for the maintenance audit
  • One-hour discussion (online or by phone) of progress based on self-declaration and current threats
  • Update regarding current cyber risks
  • Review of self-declaration