Proactive Security

We believe in taking a proactive stance on securing our systems and applications. We follow industry best practices, as well as our customers’ recommendations, to harden our systems. When it comes to our application, our developers follow industry best practices during the software development lifecycle, including OWASP (Open Web Application Security Project) Top 10 and relevant technology specific guidelines. We rigorously test our code prior to and after the deployment to production. Preventative and corrective maintenance of the data center equipment is scheduled through a standard process according to documented procedures.

Data Center Security

SwissConnect stores all production data in physically secure datacenters. We own and maintain the backend infrastructure where customer data is stored. We use data centers in various geographic locations for continuity and regulatory purposes, which are Tier III/Tier III+ and ISO 27001 certified. Our data centers have common security practices, including closed-circuit video monitoring and 24/7-manned guards, and require the use of biometric access controls to our locked cages.

Data Security

Our customer’s data – and the security of that data – is of utmost importance to us, which is why we provide our customers with complete control over their data. Our servers are encrypted using TLS. We employs multiple layers of network devices and intrusion detection to protect its external attack surface. And, our security architecture ensures segregation of customer data.

Continuous Monitoring

We utilize both internal and external services to perform continuous scanning and monitoring of our network and application. We also conduct regular vulnerability scans, risk assessments and penetration tests.

Compliance

We strive to be industry leaders in regulatory requirements and compliance. Our processes and controls are regularly audited by internal and external parties, including customers and independent assessors. Our datacenters are Tier III/Tier III+ and/or ISO 27001 certified. We have also successfully undergone audits and are compliant with General Data Protection Regulation (GDPR).

Located in Switzerland and NSA non-compatible

Switzerland is a synonym for reliability and neutrality as well as being internationally recognised for its discretion and the quality of its services. MMT SwissConnect is a neutral, independent company. Swiss law concerning data protection ensures complete confidentiality both for businesses and for individuals, and no government can have access to personal information without the agreement of a judge.

General Data Protection Regulation (GDPR) Compliance

SwissConnect is passionate about ensuring that our clients are able to comply with data privacy regulations, including the European Union’s GDPR, which goes into effect in May 2018. We provide our clients with enterprise-grade controls to manage, govern access and ensure security of personal data housed in SwissConnect Cloud. As required by GDPR, SwissConnect allows our clients to correct, export, or permanently delete personal information. SwissConnect also purges personal data from internal processing systems to minimize the data we retain per GDPR Article 5. Please visit our GDPR page to find out more how SwissConnect is setting the bar for customer personal data protection.

To report an incident, concern, or for general security questions, please email privacy@mmt.ch