Independently verified. Structurally sound.

Security you can audit, not just trust.

Every framework we align with, every certification we hold, every verification we carry: each one reflects a deliberate structural decision, and is part of the foundation every customer, partner, and evaluator builds on. We're transparent about what we're certified for, what we're aligned with, and where the distinction matters.

What we hold, and what it means

Three levels of assurance – one clear picture

Not every framework works the same way, and we don't treat them as if they do. Some we're formally certified against: independently audited, scope-defined, and renewed on a structured cycle. Others we're aligned with, meaning our architecture, processes, and controls are designed to meet their requirements. And some are third-party verifications that confirm specific commitments we've made. Below, we're specific about which is which.

Audited. Renewed. On the record.

ISO/IEC 27001:2022 certification

ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS). Achieving certification means our security controls, risk management processes, and operational practices have been independently audited and found to meet the standard's requirements – and that we maintain and renew that status through regular surveillance audits. For customers, it means the security posture we describe isn't self-assessed: it's been examined by an external body and confirmed against a defined, internationally recognised benchmark.

European data protection, by design.

GDPR alignment

The General Data Protection Regulation (GDPR) sets the rules for how personal data is collected, stored, processed, and transferred across the EU and EEA. Our platform is designed with GDPR requirements in mind: covering data minimisation, purpose limitation, rights of access and erasure, and clear processing boundaries. For customers operating under GDPR obligations, this means SecureSafe is built to support your compliance posture, not complicate it. However, alignment at platform level does not in itself make a customer organisation GDPR-compliant, as compliance also depends on how the platform is configured and used within your own processes.

Swiss data protection, built in from the start.

FADP alignment

The Swiss Federal Act on Data Protection (FADP) governs how personal data is handled within Switzerland, with requirements that closely parallel – and in some areas exceed – those of the GDPR. As a Swiss-based company, alignment with the FADP isn't a retrofit: it reflects how our data handling, storage, and processing practices have been structured from the outset. For customers based in Switzerland or exchanging data across Swiss jurisdiction, this provides a clear, legally grounded foundation. As with any legal framework, this supports customer compliance efforts but does not by itself guarantee compliance in every use case.

Operational resilience for regulated environments.

DORA alignment

The Digital Operational Resilience Act (DORA) establishes requirements for ICT risk management, incident reporting, and third-party oversight within the EU financial sector. Our architecture and operational practices are aligned with DORA's requirements, which is relevant for financial institutions and their technology partners operating under its scope. For customers in regulated financial environments, SecureSafe is designed to function as a resilience-supporting component, not a compliance liability.

Raising the baseline and meeting it.

NIS2 alignment

The NIS2 Directive strengthens cybersecurity requirements across critical and important sectors in the EU, including requirements around risk management, supply chain security, and incident response. Our security controls, access management, and operational practices are aligned with NIS2's framework. For organisations within NIS2 scope, or those evaluating their supply chain exposure, SecureSafe is structured to reduce, not add to, that risk surface.

Built for the standards Swiss finance demands.

FINMA alignment

FINMA, the Swiss Financial Market Supervisory Authority, sets out supervisory expectations relevant to data governance, outsourcing, and operational security for supervised financial institutions. Our platform and operating model are designed to support key expectations relevant to SecureSafe’s use in regulated environments, including access control, auditability, and outsourcing-related due diligence. For Swiss financial institutions and their partners, this helps position SecureSafe as a platform that can support operation within your regulatory framework.

Developed in Switzerland. Verified as such.

Swiss-made software

The Swiss Made Software label is awarded to software products that meet defined criteria for development, maintenance, and support activity within Switzerland. Carrying this label means our software has been independently reviewed and verified against those criteria – it's not a self-declaration. For customers to whom provenance, local accountability, and Swiss quality standards matter, this verification provides a defined, auditable basis for that confidence.

Our environmental commitments, independently tracked.

myclimate verification

myclimate is a leading Swiss climate protection organisation. We use myclimate's reporting software to track our carbon footprint and implement targeted reduction measures – and go further with a climate contribution payment to support verified sustainability projects. For customers who factor environmental responsibility into procurement decisions, this means our sustainability commitments are actively measured, reported, and backed by concrete action.

FAQs

Find answers to your most important questions explained here.

What's the difference between "certified," "aligned," and "verified"?

These terms aren't interchangeable, and we use them deliberately.• Certified means we've been independently audited against a defined standard and formally awarded a certificate as a result. We hold one certification: ISO/IEC 27001:2022.• Aligned means our architecture, processes, and controls are designed to meet the requirements of a given regulatory framework, but the framework itself doesn't issue a certificate. GDPR, FADP, DORA, NIS2, and FINMA all fall into this category.• Verified means a third party has confirmed a specific claim or commitment we've made. Our Swiss Made Software label and myclimate partnership are both independently verified.

What does ISO/IEC 27001:2022 certification actually cover?

ISO/IEC 27001:2022 covers our information security management system (ISMS): the policies, processes, controls, and organisational practices we use to manage information security risk. Certification means an accredited external auditor has reviewed our ISMS against the standard's requirements and confirmed it meets them.

How is the ISO/IEC 27001:2022 certification maintained?

ISO 27001 certification isn't a one-time milestone. It requires regular surveillance audits – typically annually – and a full recertification audit on a three-year cycle. This means our ISMS is subject to ongoing external scrutiny, not just a point-in-time review.

Does SecureSafe's GDPR alignment mean my organisation is automatically GDPR-compliant?

No, and it's important to be clear about this. SecureSafe's GDPR alignment means our platform is designed to support your compliance obligations as a data controller. Whether your organisation is fully GDPR-compliant depends on how you use the platform and your own internal processes.

What does FADP alignment mean for Swiss customers specifically?

Switzerland's Federal Act on Data Protection (FADP) sets requirements for how personal data is processed within Switzerland. Our alignment with the FADP means that Swiss customers can use SecureSafe with confidence that the platform's data handling practices are structured to meet Swiss legal requirements.

What is the Swiss Made Software label, and why does it matter?

Swiss Made Software is an independently verified label awarded to software products that meet defined criteria for development, maintenance, and support activity in Switzerland. It's not a self-declaration: it's reviewed and granted by the Swiss Made Software association.

What does the myclimate partnership involve?

We use myclimate's reporting software to measure and track our carbon footprint, and we make a climate contribution payment to support verified sustainability projects. myclimate is a leading Swiss climate protection organisation, and their involvement means our environmental commitments are externally tracked and supported.

Where can I access certification documentation for due diligence purposes?

If you're running a procurement process or internal due diligence and need formal documentation, including our ISO/IEC 27001:2022 certificate, alignment statements, or supporting materials, please get in touch with our team directly.

We operate in the EU financial sector. How does DORA alignment affect us?

DORA places specific requirements on financial entities and their ICT service providers around operational resilience, risk management, and incident reporting. Our alignment with DORA means our architecture and operational practices are designed to meet those requirements.

What does NIS2 alignment mean in practice?

NIS2 raises the cybersecurity baseline for organisations in critical and important sectors across the EU, and extends obligations to supply chain partners. Our NIS2 alignment reflects that our security controls, access management, and incident response practices are structured in line with NIS2's requirements.

We're a FINMA-supervised institution. What does SecureSafe's FINMA alignment cover?

Our platform is designed to support areas most relevant to FINMA-supervised institutions, including access control, auditability, and outsourcing-related governance and due diligence. DSwiss AG is not itself a FINMA-supervised entity, but SecureSafe is operated in a way intended to support customers in meeting their own obligations.

Does alignment with these frameworks cover all versions and jurisdictions?

Alignment is always framework- and scope-specific. For example, GDPR applies across the EU and EEA, FADP applies within Switzerland, DORA and NIS2 have defined sectoral and organisational applicability criteria. Our alignment reflects the requirements of each framework as they apply to SecureSafe as a platform and data processor. If you have questions about how a specific framework applies to your organisation's use of SecureSafe, we're happy to discuss this in more detail.