Security, Compliance & Data Protection

At UNIQUE, the foremost objective is to build and execute the most secure GPT-based solutions for the financial services industry (FSI) and emerge as a leading partner for GPT-driven use cases in this sector. Ensuring the security of sensitive data entrusted to financial services customers is UNIQUE’s leading commitment. Therefore, we prioritise the security and resiliency of their IT systems, applications, and business processes.

Unique partners closely with Microsoft to offer GenAI solutions in a secured and controlled environment: when working with Unique and using Microsoft Azure OpenAI Services, users are using an enterprise and private instance of OpenAI’s ChatGPT packaged and hosted by Microsoft Switzerland (prompts and answers are not shared with OpenAI or Microsoft; to be precise: Microsoft processes the data but never stores the data).

We foster a highly secure IT setup and adhere to the principle of data minimisation, incorporating the most robust compliance setup possible in the industry. This proactive approach enables us to reduce any potential misuse of credentials, securely store and manage client data, adhere to the highest privileged access standards, and respond swiftly to emerging threats. Systems are designed to provide exceptional resistance to data exfiltration, and the UNIQUE team recognises that security has to be integrated across the company within the development lifecycle, IT operations, and business processes.

Read more about our Secure Software Development Lifecycle.

 

Unique’s proactive stance includes a robust bug bounty program, inviting skilled penetration testers to help fortify our defences. Complementing these measures, our compliance with Swiss as well as the EU-GDPR ensures stringent data protection and privacy practices. This commitment to security is further solidified by our ISO 9001 and ISO 27001 certifications, reflecting our dedication to quality management and information security excellence. Since the end of 2023, we have also been SOC2 Type 2 certified, a testament to our internal controls and systems related to security, availability, processing integrity, confidentiality, and privacy of data.

Security

Unique FinanceGPT is built with security in mind:


At Unique, we're proud to be ISO-9001 compliant, a testament to our commitment to quality and continuous improvement. Our processes are streamlined and customer-focused, ensuring top-tier service and reliability.


Unique proudly upholds the ISO-27001 standard, demonstrating our unwavering commitment to information security management. Safeguarding data and ensuring privacy are at the heart of what we do.

Unique successfully attained its SOC 2 Certification, which focuses on robust data protection, emphasising security, availability, processing integrity, confidentiality, and privacy within service organisations.

Compliance

We are fully compliant with both Swiss and EU-GDPR.

Unique was built on the principles of Privacy by Design and Privacy by Default. The two principles are grounded in the new Act on Federal Data Protection (nFADP), which has been in force since 1 September 2023. The first requires developers to integrate the protection of, and respect for, users’ privacy into the very structure of the products or services that collect personal data. The latter ensures the highest level of security as soon as the products or services are released: by default, all software, hardware, and services must be configured to protect data and respect the privacy of users (Art. 7 para. 1 FADP).

Read more about our Compliance Layer: Compliance Layer 2.0

 

FINMA

As Unique operates in the banking sector, we are under the authority of the Swiss Financial Market Supervisory Authority (FINMA) and therefore comply with the relevant Circular and other regulations at all times.

In particular, we have established verifiable internal controls to comply with security regulations and procedures. For each service, we agree on and apply suitable organisational and technical measures to protect data against unauthorised processing. This ensures data accessibility, confidentiality, safety, availability, and integrity.

For all FINMA-relevant, significant outsourced functions, a description of the outsourced function, its provider (including any sub-contractors) and the recipient, as well as the responsible party, are maintained in the inventory.

Read the circular: FINMA Circular 2018/3

 

Furthermore, we have dedicated policies and procedures concerning the segregation of duties, risk management and internal controls.

Read the circular: FINMA Circular 2023/1

 


Author

@Daylan Araz

 

© 2024 Unique AG. All rights reserved.