The Swiss Compliance Knife

SDCS

Swiss Data Compliance System
for ISO 27001 · 27701 · 27018 & more


SDCS is the Swiss enterprise solution for information security — developed in Zurich, operated where you want: Swiss Cloud or On-Premise. AI-powered gap analysis, intelligent importer for existing ISO documentation, and deep integration into your business processes.

Swiss Made · Zurich | ISO 27001 · 27701 · 27018 | Cloud & On-Premise
Governance, Risk, and Compliance (GRC)
GRC stands for Governance, Risk & Compliance. All ISMS documents, policies, tools, and evidence are centrally managed. The permission system ensures every user sees only what they should.
Documentation
Policies, guidelines, and instructions centrally managed
AI-powered creation & automatic versioning
Role-based access for all employees
Trainings & Awareness
Plan & track security awareness trainings
New employees automatically get the right trainings
Certificates & completion rates at a glance
Shalls & Controls
ISO 27001 requirements with implementation status
Statement of Applicability (SoA) directly in frontend
Maturity assessment & evidence mapping
Risk Management
Structured risk analysis & risk treatment plan
Assess, treat & monitor risks
Direct link to controls & measures
Report Incident
Capture security incidents quickly & structured
Automatic notification of responsible parties
Document measures & lessons learned
Management Review
KPIs & trends automatically prepared
Structured reviews with recommendations
Audit preparation at the push of a button
ISO 27001
Fully covered
ISO 27701
Privacy integrated
ISO 27018
Cloud Privacy
Swiss Made
Zurich, Switzerland
Governance, Risk & Compliance

Everything in one place.
For everyone.


GRC stands for Governance, Risk & Compliance. SDCS centrally manages all ISMS-related documents, policies, tools, and evidence — with a granular permission system for every role.

The permission system ensures that every user sees only what they should — in terms of content and structure. Roles for management, ISO officer, DPO, HR, and employees.

Statement of Applicability (SoA) directly in the frontend
Execution plans for audits, controls, and training
Incidents, measures, and exceptions documented
User permissions determine view and edit rights
4 Context of the Organization
4.1 Understanding the organization and its context
The organization shall determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its ISMS.
Category iso_27001
Requirement no.: 1 · Responsible: Management (CEO)
Requirements
Description: The organization shall determine external and internal issues that are relevant to its pur...
Implementation Status
Maturity: established
Description of the current implementation status of the requirement
The internal and external context of the ISMS is comprehensively documented. The 'ISMS Scope' document describes in detail how internal and external influences affect the ISMS.
Security requirements and evidence:
Applicable internal requirements, regulations, policies, and managed evidence, records
Tools, Managed Evidence, Records - Asset Inventory
ISMS Policy - 2.1 Dependencies
ISMS Scope - Stakeholders and their requirements
4 Context of the Organization
4.2 Understanding the needs and expectations of interested parties
The organization shall determine interested parties that are relevant to the information security management system and the requirements of these interested parties relevant to information security.
Category iso_27001
Requirement no.: 2 · Responsible: Management (CEO)
Requirements
Description: The organization shall determine interested parties that are relevant to the information s...
Implementation Status
Maturity: established
Description of the current implementation status of the requirement
The requirements and expectations of interested parties are comprehensively documented. The ISMS Policy and the 'Tools' document show a clear identification and consideration of these requirements.
Security requirements and evidence:
Applicable internal requirements, regulations, policies, and managed evidence, records
Tools, Managed Evidence, Records - Stakeholders
ISMS Policy - 2.1 Dependencies
ISMS Scope - Stakeholders and their requirements
Feature Scope

Everything a modern ISMS needs.

Documentation

All ISMS policies, guidelines, and instructions centrally managed. AI-powered creation and automatic versioning.

Shalls & Controls

ISO 27001 requirements with implementation status, maturity, and direct evidence mapping.

Risk Management

Structured risk analysis, risk treatment plan, and Statement of Applicability (SoA) in one workflow.

Trainings & Awareness

Plan, execute, and track security awareness trainings — including automatic reminders.

Management Review

Structured management reviews with automatically prepared KPIs, trends, and recommendations.

Granular Permissions

Every user sees only what they should — in content and structure. Roles for management, ISO, DPO, HR, employees.

AI Assistant

Context-sensitive chatbot for all employees. Answers ISMS questions, explains requirements, and guides through processes.

Process Automation

Contracts, HR policies, and legal department directly integrated. Automatic workflows on changes.

Intelligent Importer

Easily import existing ISO documentation. AI recognizes structure and assigns content automatically.

ISO Compliance Package

Re-certification?
Extremely simplified.


SDCS includes a default integration of the official ISO package PUB200277 (ISO 27001:2022 + ISO 27701:2025 + ISO 27018:2025). All templates, controls, and evidence structures are pre-installed — re-certification becomes a structured process instead of a project.

ISO 27001:2022 — Information Security
ISO 27701:2025 — Privacy Information Management
ISO 27018:2025 — Cloud Privacy

ISMS Policy

Created At: 9.10.2025 · Updated At: 10.3.2026

1. Introduction

1.1 Purpose and Scope

By implementing an ISMS according to ISO 27001, the organization commits to meeting information security requirements within an appropriate and economical framework. The ISMS also considers the requirements of a Privacy Information Management System (PIMS) according to ISO 27701.

1.2 Scope of Application

The ISMS Policy applies to the entire organization. Within the organization, an Information Security Management System (ISMS) according to ISO 27001 is operated. The ISMS is extended by ISO 27701, which sets requirements for a Privacy Information Management System (PIMS).

2. ISMS Framework

2.1 Dependencies

The information security policy serves as the overarching, strategic document. The ISMS Scope defines the scope and boundaries of the information security management system. The scope describes internal and external influences, stakeholders, dependencies, and risks.

2.2 Continuous Improvement via PDCA Model

The ISMS fulfills the requirements (Shalls) according to ISO 27001, chapters 4–10. As part of a risk analysis, risks within the ISMS scope are identified, assessed, and subsequently linked to controls and measures.

3. Security Processes

3.1 Risk Management (Information Risk Management)

As part of a risk analysis, risks within the ISMS scope are identified, assessed, and subsequently linked to controls and measures. Information and data protection risks are documented together with controls and measures in the risk treatment plan.

3.2 Asset Management (Inventory)

The ISMS Policy specifies what types of assets exist and how they are to be classified and categorized. When setting the status to 'DECOMMISSIONED', the mandatory field 'Disposal Protocol' must additionally be filled in.

Migration & Onboarding

Existing ISO docs?
Simply import.


The SDCS importer analyzes your existing ISO documentation, automatically recognizes the structure, and assigns content to the right modules. No manual retyping, no data loss.

Word, PDF, Excel — all formats recognized
AI maps content to ISO requirements
Gaps are automatically identified
Onboarding in days instead of months
Automation

SDCS lives in daily work —
not just at the audit.


Contract Management

Automatically review contracts with data protection clauses and document them in the ISMS.

HR Policies

New employees automatically receive the right trainings and guidelines.

Legal Department

Legal changes are detected and created as requirements in the ISMS.

Supplier Management

Supplier assessments and contracts directly linked to ISO controls.

Audit Preparation

Automatic compilation of all evidence for internal and external audits.

Management Review

KPIs and trends are automatically prepared — ready for the next review.

AI Assistant

Every employee.
Every question. Instantly.


The integrated SDCS AI bot knows your entire ISMS — policies, requirements, processes, and responsibilities. Every employee receives context-accurate answers tailored to their role.

Answers ISMS questions in real time
Explains ISO requirements in plain language
Guides through processes and forms
Considers role and permissions
SDCS Trainings
My Courses
Management Intro Quiz
Intro quiz for management
8 Slides
10m
Progress: 0%
Awareness Training
Information security for all employees
22 Slides
12m
Progress: 0%
Data Protection Onboarding
Mandatory training for new employees
14 Slides
8m
Progress: 0%
Example Question
What is the goal of an ISMS according to ISO 27001?
A
Ensure maximum IT performance
B
Systematically manage information security risks
C
Train all employees to become IT experts
Certificate available
Printable certificate after completion — for the workplace
Trainings & Awareness

Training that
actually sticks.


SDCS automatically creates trainings based on vulnerabilities and incidents from the past year — supplemented by a mix of important awareness topics. Each training group receives tailored content matching their role.

AI analyzes incidents and vulnerabilities from the past year
Role-specific content: management, ISO, DPO, HR, employees
Interactive quiz questions with immediate feedback
Printable certificate after successful completion
Complete logging — full traceability
Onboarding of new employees: simple and compliant
Hosting & Data Protection

Swiss Made.
Your data. Your location.


SDCS is developed and operated in Zurich. You choose: Swiss Cloud hosting in certified Swiss data centers — or we install SDCS On-Premise in your own infrastructure. We take over full operations.

Swiss Cloud

Hosting in certified Swiss data centers, fully operated by DU DA AG

On-Premise

Installation and operation in your own infrastructure — we handle everything

GDPR Compliant

Full compliance with EU & Swiss data protection

Encrypted

End-to-end encryption of all data

ISO 27001 certified data center · Zurich, Switzerland
Swiss Cloud
Managed by DU DA AG
On-Premise
In your own infrastructure
Market Comparison

Why SDCS?

A fair comparison based on publicly available information (as of Q1 2026). All providers have their strengths — SDCS differentiates through Swiss hosting, deep ISO integration, and process automation.

Feature | SDCS | Vanta | Drata | Sprinto | ISMS
Swiss Made & Hosting
On-Premise Option
ISO 27001 complete
ISO 27701 (Privacy)
ISO 27018 (Cloud)
SOC 1 / SOC 2 / SOC 3
ISO 9001 (Quality)
Intelligent ISO Importer
AI Employee Bot
Granular Permission System
HR/Contract Automation
German-language UI
Re-certification Package

Sources: G2, Capterra, Vanta.com, Drata.com, Sprinto.com, ISMS.online (as of March 2026). No warranty.

Pricing

Fair pricing
for every company size.

From SME to enterprise — SDCS adapts to your organization. All prices on request, transparent and without hidden costs.

Starter

SMEs & Start-ups

For companies pursuing their first ISO 27001 certification.


Up to 50 users
ISO 27001 core module
AI assistant
Email support
Recommended

Professional

Growing companies

Full SDCS platform with automation and extended ISO package.


Up to 250 users
ISO 27001 + 27701 + 27018
Process automation
Intelligent importer
Priority support

Enterprise

Corporations & Authorities

On-Premise or dedicated cloud hosting, custom integrations.


Unlimited users
On-Premise / Private Cloud
Custom integrations
Dedicated success manager
SLA guarantee
New Modules

Stay up to date.

We continuously expand SDCS. Subscribe to our newsletter and be the first to know when new standards like SOC 1, SOC 2, SOC 3, ISO 9001, and more modules become available.

No spam. Only relevant updates. Unsubscribe anytime.

Ready for SDCS?

Talk to us — we'll show you in 30 minutes how SDCS works in your organization.

MADE IN SWITZERLAND