Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

Unique is committed in its dedication to the ongoing improvement of our Information Security Management System (ISMS) and Quality Management System (QMS), proactively adapting to evolving circumstances. This commitment guarantees robust protection for our customers' sensitive information. Furthermore, it significantly reduces Unique's risk exposure. Through obtaining external certifications, we bolster trust in our brand and product offerings. This enables our partners and customers to efficiently validate the secure and responsible management of their data.

Protection principle  

Confidentiality, availability, and integrity of information must be ensured according to the requirements defined by the customers. 

Responsibility  

All users of ICT services and processes are responsible for security. The requirements for protection are defined by the information owner.  

Access  

The principle of "need-to-know" and “least privilege” applies. Each user may only have access to the data that they need to fulfil their respective tasks. 

Documentation 

All security requirements and measures as well as any deviations from them must be documented. 

Awareness 

Every Unique employee must be aware of the risks associated with the use of information technology and be informed accordingly. 

Privacy 

When collecting and processing information, the necessary protection must be considered to maintain data privacy. In particular, the legal requirements in this regard must be complied with. 

Management of company assets 

The company assets (information, infrastructure, applications, etc.) must be identified and documented. Special attention must be paid to the protection of information assets, which is determined based on the classification concept by the data owner.  

ICT Continuity planning 

Recovery plans and processes must be in place for the critical applications and tested regularly to ensure they are up to date and fit for purpose.  

Risk Management 

ICT security is based on a risk-based approach that is tailored to the needs of the business processes. A process-oriented ICT security management system regularly identifies deviations and violations of the guidelines. For this purpose, suitable metrics are defined to report on the effectiveness of the measures. 

Success control and continuous improvement 

The effectiveness of the measures implemented is checked using suitable metrics and continuously improved as required in accordance with the Deming cycle (plan-do-check-act).  

The entire life cycle of the information must be considered, from creation, processing, storage, transmission, archiving, and deletion to disposal/destruction.  

Security moments 

Sharing good or bad experiences with security and data protection in the daily huddle of Unique, that employees have learned or seen which relates to security. There is also an open special interest group (SIG) to share and communicate in case of security-relevant topics. 

Unique’s approach to corporate governance, risk, and compliance? Adopt a risk-based approach to balance between innovation and challanges

 

The approach to corporate governance, risk, and compliance within Unique is a comprehensive and meticulously crafted framework that reflects our commitment to operating at the highest ethical and regulatory standards, particularly within the financial service industry. Our foundation lies in robust policies and procedures, tailored to the unique demands of this sector. We prioritize data protection, meticulously adhering to both Swiss data protection laws and GDPR for Europe, ensuring that customer data remains secure and compliant.

To manage risk effectively, we adopt the ISO 9001 principles, embedding a culture of continuous improvement and quality assurance throughout our operations. An integral component of our approach is the implementation of an additional security layer, aptly named the "compliance layer," which bolsters the security of our applications, safeguarding them against potential threats.

To strengthen our governance and compliance posture, we have established a dedicated sub-processor management system that ensures all third-party partners adhere to our rigorous standards. Moreover, our commitment to transparency and accountability is underscored by our regular collaboration with external auditors who rigorously validate our corporate governance, risk management, and compliance strategies (e.g. ISO 27001, 9001, SOC 2). This holistic approach underscores our unwavering dedication to the trust and satisfaction of our clients while upholding the highest industry standards.

Details on Unique’s approach to coporate governance

Corporate governance for Unique is crucial for maintaining trust, compliance, and effective operations. Here are key elements of corporate governance specific to Unique:

  1. Board of Directors: we have established a diverse and experienced board of directors that provides strategic guidance and oversight, ensuring representation from both financial and tech sectors (regular meeting documentation can be found in Unique app).

  2. Regulatory Compliance: we aim to stay on top of Swiss financial regulations and ensure strict compliance with all applicable laws, including FINMA (Swiss Financial Market Supervisory Authority) regulations. We plan a report of all FINMA-related activities (esp handling of CID data, risk management approach) to be validated by an external auditor by end of Q4 2023.

  3. Data Protection: we adhere to Swiss data protection laws, including the Federal Act on Data Protection (FADP), and the GDPR for European clients, safeguarding sensitive financial and personal data. In addition, we have various technical measures in place (PAM, lockbox, IAM policy) to ensure the highest level of data protection.

  4. Data classification: we have a data classification in place that is according to ISO 27001 standards and can be found here (ISMS Asset management & data classification - UNIQUE - Confluence (atlassian.net)).

    • C0 = public information / data

    • C1 = internal information / data

    • C2 = confidential information / data

    • C3 = secret information / data

  5. Ethical Framework for AI: Develop and communicate a code of ethics for AI and conduct that all employees and stakeholders must adhere to, emphasizing integrity, transparency, and accountability.

  6. Risk Management: Implement a robust risk management framework, following ISO 9001 principles, to identify, assess, and mitigate risks associated with technology, data security, and financial operations. Monthly risk review: we establish a monthly review for risk management (ISO 27001 and 9001). In addition, we engage in a bug bounty program to identify potential threats early on.

  7. Financial Reporting: Maintain accurate and transparent financial reporting practices, following Swiss Generally Accepted Accounting Principles (Swiss GAAP) or International Financial Reporting Standards (IFRS).

  8. Internal Audits: we perform regular internal audits as control mechanisms to prevent fraud, mismanagement, and data breaches, with a focus on segregation of duties and access controls.

  9. Stakeholder Engagement: Foster open communication with shareholders, soliciting their input and addressing concerns through regular meetings and reports (e.g. Unique exchange)

  10. Customer Data Protection: Prioritize customer data security and privacy, ensuring encryption, access controls, and secure data handling practices in line with regulatory requirements.

  11. Cybersecurity Measures: Continuously invest in cybersecurity infrastructure, including intrusion detection, penetration testing, and incident response plans to safeguard against cyber threats.

  12. Disaster Recovery and Business Continuity: Develop comprehensive disaster recovery and business continuity plans to ensure uninterrupted service delivery, especially during unforeseen events.

  13. Transparency and Accountability: Publish annual reports and financial statements, disclosing relevant information to stakeholders and the public.

  14. Compliance Training: Provide ongoing compliance training and awareness programs for employees to ensure a deep understanding of regulatory requirements.

  15. External Audits: Engage external auditors and conduct regular independent audits of financial statements and internal controls to verify compliance and identify areas for improvement.

By incorporating these elements into their corporate governance framework, Unique is serving financial services in Switzerland and beyond can enhance trust, regulatory compliance, and overall operational excellence.

 


  • No labels