Information security has always been a top priority at armasuisse. For this reason, management intends to follow the basic principles set out in ISO 27001:2013 (Information Security Management System, ISMS) and risk-appropriate and economically appropriate information security processes. armasuisse shall be obliged to observe the associated regulations for all armasuisse competence sectors and sites.

armasuisse holds a great deal of confidential information about security-related systems and properties, defence and security technologies, and suppliers. IT resources, rooms and people can all be classed as information carriers.

A number of fundamental rules must be observed in order to protect information. With respect to the principle of confidentiality, classified information must only be made accessible and disclosed to authorised persons if said persons require this information in order to carry out their work (need-to-know principle). It must also be ensured here that unauthorised changes cannot be made to the information (principle of integrity). Any instances in which the confidential information has been accessed or edited must also be able to be traced (principle of detectability). Finally, the security-related processes must also be able to be revised, where necessary.

All internal and external armasuisse employees shall be individually obliged to protect the information and the supplied means of communication against loss, falsification, damage and misuse of any kind. In so doing, the guidelines set out by the Swiss federal government (IPO) and the DDPS (WIns DDPS and WSVIns DDPS) must be observed. Information security must be integrated into all processes and projects in which information is collected or processed. The focus, however, is on protecting information that is confidential and could have serious or significant consequences, should it enter into the possession of unauthorised persons. Security risks must be identified, and measures aimed at reducing such risks must be implemented expediently and in a cost-effective manner (cost-benefit ratio). Residual risks can be consciously assumed by management.

Our ISMS was certified at the end of August 2019 by the Swiss Association for Quality and Management Systems (SQS) – similar to ISO 9001 (quality management system) and 14001 (environmental management system).

For further information and questions please contact the contact person in the right column.