Governance & Compliance 

Governance & Compliance

Full safety thanks to certified compliance 

As a total IT solution provider, we understand the responsibility for compliance with internal and external policies. That is why we support our customers in being able to meet any compliance requirements and rely on industry-leading security solutions, external audits and certifications.

Your advantages 

  • Support by Our Compliance Team
  • Comprehensive data protection and data sovereignty
  • Numerous certifications guarantee our standards
  • Independent auditing and certification
  • EU GDPR and Swiss DPA compliance
  • Private cloud solutions with top-tier certifications

INDEPENDENT CERTIFICATIONS FOR THE HIGHEST COMPLIANCE REQUIREMENTS 

For companies, it is becoming increasingly difficult to meet all necessary certifications and governance requirements. With the ever-growing demands for compliance and data protection, this can pose a significant challenge. As your trusted partner, we offer you comprehensive support in this area. Our compliance team, together with our CISO (Chief Information Security Officer), is happy to assist you in making the right decisions, especially when it comes to determining the best location for storing your data. MTF holds the following certifications and compliances:

Our organisation and our products are regularly audited by independent bodies in the areas of quality management and with regard to security, data protection and compliance guidelines. This gives you the security you need to know that we are a fully certified and compliant partner for all compliance requirements. The details of the certifications and conformities are listed below:

ISAE 3402 

International Standard on Assurance Engagements 3402 is an internationally recognised auditing standard for service organisations. It confirms the effectiveness of internal controls for outsourced processes that are relevant to financial reporting. MTF Solutions has ISAE 3402 Type 1 confirmation from an independent auditor. This documents that our control objectives are appropriately designed and implemented.

ISO 9001

ISO 9001 

ISO 9001:2015 "Quality Management Systems" is the central standard of the ISO 9000 ff. series of standards and contains standards for the quality management system towards our customers.

Our quality objectives
ISO 27001

ISO 27001 

The ISO/IEC 27000 series of standards helps organizations protect information assets. ISO/IEC 27001 sets out the requirements for an information security management system (ISMS). In addition, this standard provides a set of best practices as well as details on security controls for managing information risks.

ISO 27017

ISO 27017 

ISO/IEC 27017:2015 (International Electrotechnical Commission, IEC) provides guidelines for information security controls that apply to the provision and use of cloud services.

ISO 27018

ISO 27018 

ISO/IEC 27017:2015 (International Electrotechnical Commission, IEC) provides guidelines for information security controls that apply to the provision and use of cloud services.

GDPR 

Compliance with the GDPR is a top priority for MTF and our customers. The aim of the GDPR is to strengthen the protection of personal data in Europe. For all of us, this affects the way we do business. MTF takes a strictly customer-centric approach to protection, control and compliance. We want to help you implement the GDPR in the best possible way.

HIPAA 

The U.S. Health Insurance Portability and Accountability Act (HIPAA) of 1996 establishes privacy and security requirements for organizations responsible for maintaining the confidentiality of individuals' protected health information (PHI). These organizations meet the definition of "covered entities" or "business associates" under HIPAA.

PCI DSS

PCI DSS 

The Payment Card Industry Security Standards Committee (PCI Security Standards Council) is a global forum dedicated to the continuous development, improvement, storage, dissemination and implementation of security standards for the protection of account data.

NIST 

The National Institute of Standards and Technology defines globally recognised security standards for IT infrastructure. MTF solutions are based on these strict guidelines, including FIPS (Federal Information Processing Standard) validation for encryption modules. Compliance with NIST standards guarantees our customers the highest level of data security and integrity.

Swiss data protection law 

Since September 2023, the new Swiss Data Protection Act (nDSG, SR 235.1) has regulated the protection of privacy and fundamental rights of natural persons when processing their data. MTF Solutions is a Swiss company and is fully subject to Swiss data protection law. Our processes and systems are designed to meet the requirements of the nDSG and ensure data security, transparency and the protection of data subjects' rights.

Data protection, compliance, and governance are our top priorities 

For us at MTF, data protection is not only a legal obligation, but also a fundamental commitment to our customers. We also attach great importance to adhering to compliance requirements and governance standards. We understand the importance of sensitive data and do everything we can to protect your information and fulfil all necessary requirements.

Our dedicated team is always available to answer your questions and support you in all aspects of data protection, compliance and governance. Let's work together to ensure that your data is in the best hands.