Our ICT Minimal Standard audit helps you understand the current maturity of all your organization's existing security measures. This knowledge is critical for planning the next steps you need to take to improve the security of your systems, people and processes.

What is the ICT minimum standard?

The ICT Minimum Standardwas launched by the Federal Office for National Economic Supply FONES and offers all organizations assistance in strengthening their own cyber security. It contains recommendations and orientation points for improved resilience against cyber attacks. Our audit thus enables you to use recognized knowledge that is geared towards Switzerland.

For whom is this audit suitable?

• For organizations, private companies as well as public institutions, that want to understand the current maturity level of their cybersecurity.
• For organizations that want to start a long-term project with several steps to improve their security.

What is the process of an ICT Minimal Standard audit?

The audit consists of the following phases:

• The kickoff meeting, at which a schedule is jointly determined and the customer receives all the information about the audit.
• The self-assessment, in which the customer assesses its own maturity level. This phase is also important to evaluate all the measures already taken.
• The analysis, where terreActive uses the following sources for the evaluation

       o the self-assessment carried out in the previous phase
       o the internal documentation provided by the customer to terreActive
       o the interviews that terreActive will conduct on site with the responsible employees of the customer

    The reporting and presentation of the results.

What are the benefits of this audit?

The purpose of an ICT minimum standard audit is to make your organization aware of the current state of your security posture. In addition, the recommended measures that terreActive will provide you with after the audit will enable you to further improve the quality of your cybersecurity.

The ICT minimum standard works with different levels of maturity. Not everyone needs the same level of maturity in all functional areas. Therefore, this audit allows you to determine the required level per function and to adapt the scope of measures to your organization. Thus, your individual cybersecurity needs, the scope of measures and the budget are aligned.

Result (Output)

As a result of the audit, you receive:

• The ICT tool, which includes your organization's maturity level with a rating from 0 to 4 for each individual control and for the different functions of NIST.
• The final report, which includes a management summary and a functional summary for each of the five NIST functions.
• Recommended actions to strengthen security, which are listed and prioritized in the report so you have clear guidance on next steps.
• The presentation of the results and report, in which we analyze the current situation.