AUDIT and CERTIFICATION

  • ISO 9001:2015 – Quality Management System
    Helps organisations improve internal organisation, customer satisfaction, and process efficiency, enhancing overall competitiveness.

  • ISO 14001:2015 – Environmental Management System
    Enables organisations to control and reduce the environmental impact of their activities, promoting sustainability and compliance with environmental regulations.

  • ISO 45001:2018 – Occupational Health and Safety Management System
    Improves working conditions, reduces risks, and contributes to protecting workers’ health and safety.

  • ISO/IEC 27001 – Information Security Management System (ISMS)
    ISO/IEC 27001 helps organisations protect data and critical information by reducing the risk of cyber incidents and loss, alteration, or unauthorised access. Through a structured, risk-based approach, it defines processes, roles, and controls to ensure the confidentiality, integrity, and availability of information, strengthening business continuity and trust with customers and stakeholders.

  • ISO/IEC 27701 – Privacy Information Management System (PIMS)
    ISO/IEC 27701 extends ISO/IEC 27001 by introducing a dedicated framework for privacy and personal data processing. It supports organisations in defining responsibilities, procedures, and controls to manage the full lifecycle of personal data, facilitating alignment with applicable requirements (e.g., GDPR and local regulations) and increasing transparency, accountability, and trust.

In a competitive, global market, we help companies promote quality in every aspect of their business, from the way they operate to the levels of service guaranteed to the customer. We accompany you through the certification process, with certification issued by our accredited partner, or assist you during the transition from your certification body to ours, with the help of qualified personnel. Certification can give your company access to new markets, strengthen your reputation in terms of image and "brand equity", and ensure the efficiency and quality of your business.

In the field of data protection law, we help companies deal with the implications of such legislation, leading to an understanding of how compliance can become an opportunity rather than an obstacle. It is also an opportunity for business consultants and professionals to understand the potential for collaboration with professionals in the sector, in both B2B and B2C settings.

 

Secure PMI – Cybersecurity 

The Secure PMI program supports small and medium-sized enterprises in implementing an information security system aligned with leading international standards such as ISO/IEC 27001 and ISO/IEC 27701, as well as the new European requirements introduced by the NIS 2.0 Cybersecurity Framework.
Its goal is to prevent cyberattacks, ensure business continuity, and protect both business and personal data through a risk-based approach, staff training, and the adoption of technical and organisational measures proportionate to the company’s size and operating context.

Maritime Application – UAR 26 and EU Regulation 2024/26

In the maritime sector, Secure PMI Maritime integrates the principles of NIS 2.0 with the guidelines of EU Regulation 2024/26 (UAR 26), which strengthens cybersecurity obligations for maritime organisations and transport operators.
The system includes the assessment of digital risks on board and ashore, the protection of OT/IT infrastructures, remote access management, and coordinated incident response. This enables shipping companies to demonstrate regulatory compliance, reduce system vulnerabilities, and ensure the security of operations and data throughout the entire logistics chain.

Services Included in the Secure PMI Program

Cybersecurity Assessment

Technical assessment of the company’s security posture through vulnerability scanning, credential review, antivirus and firewall checks, and simulated phishing testing. Final deliverables include a report with a Cyber Risk Score and an improvement plan.

Compliance Verification and Privacy Compliance

Review of processing activities, technical and organisational measures, and existing documentation. Concludes with a structured gap analysis and prioritised actions in line with GDPR, Swiss nFADP (nLPD) and NIS 2.0 requirements.

Privacy Documentation

Drafting or updating of key mandatory documents: Record of Processing Activities, privacy notices, appointments/roles, Privacy & Cookie Policy, operating procedures, and the Data Breach Register.

Cybersecurity Hardening

Implementation of essential protection measures: MFA, advanced password policies, backup and data retention configuration, email protection, and guidance for network and device management. Focus on operational security and threat prevention.

Staff Training

Dedicated training session on cybersecurity and data protection, with a focus on phishing, safe digital practices, and responsible behaviour. Includes a final test and certificate of attendance.

Final Certification and Audit

At the end of the program, the company receives the Secure PMI™ Compliance Certificate, the complete Audit Report, the Cyber & Privacy Risk Score, and the Annual Improvement Plan to support compliance and continual improvement.

Swiss Business Group Solution supports SMEs in managing quality, information security, and data protection through a practical approach tailored to real business needs.

We provide professional services for ISO/IEC 27001:2022 certification, the privacy extension ISO/IEC 27701, FADP (nFADP)/GDPR compliance, and the strengthening of cybersecurity measures—integrating governance, processes, and technical controls in a simple and efficient way.

Our goal is to help companies operate securely, compliantly, and in a structured manner by reducing risks, improving internal efficiency, and enhancing credibility and business continuity for customers, partners, and stakeholders.

Federal Act on Data Protection (LPD & GDPR)

Our Data Protection Services

  • Risk Analysis & Data Protection Impact Assessments (DPIA)

  • Drafting and Updating of Privacy Notices

  • Tailored Training for Employees and Management

  • Implementation of Data Management Procedures & Compliance Documentation

  • Support in the Appointment and Role of the Data Protection Officer (DPO)

Bring your company into full compliance with the new nFADP

The entry into force of the new Swiss Federal Act on Data Protection (nFADP / nLPD) represents a significant challenge for companies, but also a real opportunity to strengthen their organisation, improve information management, and build greater trust with customers and partners. Through our consulting service, we support businesses in addressing all the implications of the regulation in a structured way, turning nFADP compliance into a true strategic lever. It is not only about avoiding penalties or meeting a legal obligation: data protection also means safeguarding the company’s information assets, improving corporate governance, and standing out in the market.

In addition to nFADP, we also provide a comprehensive GDPR (EU) compliance service for organisations that operate in Europe, process personal data within an EU context, or work with customers and suppliers in the European Union. We support the review of processing activities and legal bases, roles and responsibilities (controller/processor), contractual documentation and international data transfers, procedures for data breaches and data subject requests, and the implementation of appropriate technical and organisational measures. The goal is to establish a privacy framework that is consistent, documented, and auditable—reducing risks and friction during audits, procurement processes, and due diligence.

Our approach is also designed for business consultants, legal professionals, external DPOs, IT specialists, and trainers who want to develop effective collaborations in B2B and B2C environments. We provide tools, expertise, and synergies to build professional partnerships in the privacy sector, enhancing service integration and value creation for end clients.

Personal data protection is no longer a secondary matter: it is a fundamental component of corporate reputation, regulatory compliance, and market competitiveness. With SBGS, you can manage change with confidence and turn it into a tangible advantage.
