NIMBUS Solutions Suite with Direct Voting: cutting-edge technology and legal compliance
7. December 2021
An interview with Nimbus CTO Daniel Stucki
9. March 2022
Nimbus AG achieves ISO/IEC 27001:2013 certification
With its ISO certification, Nimbus again increases data and resource confidentiality, integrity and availability
Information is one of the most valuable assets of a company. Moreover, personal data is subject to privacy regulations and needs to be protected by law. Nimbus has now achieved ISO/IEC 27001:2013 certification in order to guarantee utmost data security to our clients. Together with our state-of-the-art data centers and the security and penetration tests we carry out on a regular basis, this enables us to ensure topmost data confidentiality, integrity and availability for our share register managing and AGM organizing activities.
Data security’s protection goals
A company’s information security can be appraised by looking at the fulfilment rate of the protection goals, i. e. confidentiality, integrity and availability. To achieve confidentiality, the company must ensure that data can only be accessed, edited and managed by authorized users. Integrity means preventing unnoticed changes to data or manipulations thereof; any modification must therefore be traceable at all times. Availability involves guaranteeing that the system is protected against failures and attacks in order to be available to authorized persons at any time.
Nimbus has developed a consistent information security policy
In order to achieve these protection goals, Nimbus has developed an information security management system (ISMS) that was audited by Swiss Safety Center AG and confirmed by the issuance of the ISO/IEC 27001:2013 certification.
Developing the ISMS included a critical analysis of all organizational processes, as well as their optimization and documentation. To achieve this, Nimbus reviewed all its technical and non-technical processes, including the relevant security arrangements. All the processes were meticulously recorded. The description shows how every process needs to be carried out, how every single case can be aligned with the policy and what sanctions are to be taken in the event of non-compliance.
Moreover, some Nimbus AG employees received training as “Certified ISO/IEC Provisional Auditors”.
Pure Swissness: companies that value Swiss quality for share register management are right to choose Nimbus AG
Nimbus can proudly carry the label “swiss-made software + hosted in Switzerland”. Our team of developers is made up exclusively of software engineers whose workplace is in Ziegelbrücke. All systems and data are operated redundantly in a renowned Swiss data center, with backup safety being provided by an emergency data center in Ziegelbrücke. External security experts carry out IT security audits regularly, including penetration tests, in order to make sure that the NIMBUS Solutions Suite’s applications are perfectly protected. Now, after completing intensive work, the company has even achieved ISO/IEC 27001:2013 certification.
This was done because we take the company’s credo “the best services for our clients” very seriously. Our customers put their trust in us because we continuously invest in the best technology and training of our staff. We ensure that our systems comply with the latest standards, that all applications are highly secure and highly available and that our expert employees are personally committed to doing all it takes to meet our clients’ demands. We are convinced that optimum quality and top performance are the essential foundation of a long-term business partnership.