Our Information Security Management System (ISMS) is ISO/IEC 27001:2022 certified by an IAF-accredited body. We adopt the ISO/IEC 27002:2022 standards as an operational reference for security controls and risk management, and we have voluntarily aligned with the requirements of the European NIS2 Directive. All this in compliance with the Swiss Federal Act on Data Protection (nFADP).
Access to information only by authorized parties.
Accurate, complete data protected from unauthorized alterations.
Information and systems available when needed.
Structured assessment and treatment of security risks.
7networks has obtained ISO/IEC 27001:2022 certification (certificate no. ITA-10331-ISMS) issued by Scandinavian Certification AS, an IAF-accredited body.
The certification, issued on 22 June 2026 and valid until 22 June 2029, covers the design, integration, management and support of IT infrastructure, cloud solutions and cybersecurity services, as well as the delivery of managed services and business continuity.
7networks has chosen to align with the European NIS2 Directive (EU 2022/2555), undergoing an independent assessment with positive results on all applicable controls. No major or minor non-conformities or observations were found. The audit, carried out on 25 May 2026 by an independent Lead Auditor, verified the consistency of the organizational and technical measures with the requirements of the directive and the guidelines.
NIS2 extends security responsibility to the supply chain. Having 7networks as an aligned partner means removing a weak link from your supply chain and simplifying your compliance.
We identify and address risks in proportion to the criticality of assets and the threat context. Decisions on controls and investments stem from risk assessments.
Security is not the sole prerogative of technical functions: every person who accesses information or systems actively contributes to their protection.
Security controls across multiple layers — organizational, physical, logical, procedural — so that the failure of a single control does not compromise overall protection.
Access granted solely to the extent necessary for assigned duties, with periodic review and timely revocation.
Compliance with legal, regulatory and contractual requirements, verified through internal and third-party audits.
A permanent cycle of planning, implementation, verification and corrective action, driven by the results of audits, incidents and management reviews.