smart.t AG

Cybersecurity & Compliance

Our methodical approach includes several steps to analyze and implement appropriate security measures and ensure compliance with relevant regulations and regulatory requirements.

1. Risk assessment and compliance review

Our approach:

A basic assessment of the IT system landscape together with the business model provides the first information about which security measures should be implemented or which are already in place.

Together with experts from your company, we analyze existing systems / applications, networks and data. We review legal and regulatory requirements, industry standards and regulations.  

The result:

Potential security risks as well as compliance requirements are identified and documented. Gaps are listed and described in a detailed report which is accompanied by graphics.

2. Guidelines and process development

Our approach:

Based on the identified risks and requirements, we jointly develop comprehensive policies and procedures to enhance your cybersecurity and compliance.

The result:

Clear instructions on data security, access control, incident response and other relevant areas in the company. Depending on the level of detail, we create a risk and control system for all or selected areas based on standard market methods, tailored to your company.

3. Implementation of security measures

Our approach:

We create concepts and support their implementation for the introduction or improvement of technical and organizational security measures. These include firewalls, encryption, intrusion detection systems (IDS), regular software updates and strong authentication procedures.

The result:

Design and documentation of the IT security concept and its implementation.  

Training concept and implementation of awareness training for employees to create or increase cybersecurity awareness.

4. Monitoring and detection

Our approach:

We implement mechanisms to continuously monitor networks and systems to detect suspicious activity. We use security information and event management (SIEM) systems to identify and respond to potential threats.

The result:

Cybersecurity as a Service (CaaS) - We continuously monitor your systems and provide support in the event of an attack.  

5. Incident Response planning

Our approach:

Drawing on our experience in professional incident management, we work with you and your IT provider to create concepts and checklists for handling an incident professionally. Based on your industry and the legal requirements, we provide the right procedure for dealing with security incidents.

The result:

The threat can be isolated. We support the company and the IT provider in recovering the system and communicating with relevant parties.

6. Regular risk and compliance review

Our approach:

Regular internal and external audits should ensure that all cybersecurity measures are effective and compliance is maintained.

We support the preparation of these audits, help build a solid evidence base and develop concepts for automating manual tasks. We are happy to assist you with the implementation of these internal and external requirements by ensuring that they are met.

The result:

Recommendation and / or adaptation of policies and procedures based on new threats or regulations.

Regular review and testing of compliance and evidence generation (reporting).

Training of employees in relevant areas (HR / IT / managers in general).

Continuous improvement

Cybersecurity and compliance are dynamic areas. Continuous improvements are based on experience from past incidents, supported by technology improvements as well as changes in regulations (regulatory requirements), which ensure a goal-oriented security concept for your company.

Strict adherence to this approach can build a robust cybersecurity infrastructure and ensure that compliance requirements are met.

E-Commerce

Digital Transformation

Conception, design and implementation of webshops for retail clients (B2B and B2C). Successful transformation of a physical store into a digital presence with focus on customer growth and increasing customer loyalty through an innovative design and user-friendly layout.

Implementation of online marketing campaigns with Google Ads and social media channel management.  

Our mandate:

UI / UX design, graphic design, product presentation, store development and optimization, payment automation, connection to customer management. 

Sector:

Re-design for machine control

UX/UI Design

UX design, prototyping and visual design of entire plant control systems in the manufacturing industry (cable production, grain processing, sanitary products) for various application areas. Concept design and visual design of user interfaces of various machines and mobile apps.
Development of high-fidelity prototypes for control extension.

Our mandate:

UX and visual design of machine control, icon library, prototyping, design system, control extension.

Identity & access management

Cyber security & compliance management 

Implementation of a customized identity and access management solution. After the evaluation of the current IT landscape, a needs analysis and planning, the implementation of the IAM* software followed. In parallel, governance was set up, taking into account all regulatory requirements, and the new processes were rolled out to the organization by means of business transformation management.

*Identity and Access Management

Our mandate:

IT Solution Architecture Analysis, Application Design and Development, Business Transformation, Product Management, Project Management

Merger & Acquisition

Innovation

Consolidation of IT architectures and business processes into one company after several acquisitions. The focus was on creating the strategic target image and defining and planning the associated activities for harmonizing the IT systems. Ensuring the ongoing business activities was a must in this context.

With the acquisition of companies, the optimization of customer processes as well as cost optimization in the operation of the IT infrastructure are usually expected.

Our mandate:

Management consulting, IT solution architecture (analysis and definition), project management, supplier and contract management, team management, IT transformation, organizational management, documentation and implementation of requirements, performance and cost statements

Digitization in the healthcare sector

Digital transformation & app development

Development and implementation of an innovative, integrated as well as sustainable mobile and web application introducing the electronic patient record. This included the integration of the emergency passport, a document management solution, registration, login, and multifactor authentication (MFA) processes as well as authorization management including certification based on BSI (Federal Office for Security (DE)) standards. Furthermore, the IT strategy was analyzed regarding global feasibility, cloud capabilities considering time zones, ensuring compliance and data security for the customer as well as responsible associated and carrier companies. The products and services of the Electronic Patient Record (authorization, deputy regulations, automated allocation of services, SLAs) were defined in a business framework supported by a product management process and, after successful introduction, handed over to the operational business iteratively by prioritization.

Our mandate:

Strategy consulting, management consulting, definition of the self-services within the framework of a business framework, evaluation of the cost-benefit ratio, development of the software product, support of the certification at the BSI, support of the market launch.

Risk Management

Risk & Compliance Management

Development and implementation of a robust risk- and compliance-based management framework according to your business requirements, incorporating best practices and standard controls (NIST- / ISO- / BSI-catalog). Today, this foundation is used to ensure that risks can be identified and assessed so that the targeted implementation of mitigating measures and controls sustainably strengthens the company's digital security posture.

Our mandate:

IT security assessment, definition of compliance requirements, creation of a standard risk catalog as well as a standard control system, definition and roll-out of governance processes, business analysis, project management