
ISO 27001: Strengthening Information Security at Sunrise

In August, Sunrise achieved ISO 22301 certification for our business continuity management system (BCMS), highlighting the company’s commitment to resilience and operational excellence. As one of the few telecom providers in Switzerland with this certification, we’re continuing to strengthen our governance with a suite of ISO certifications, including ISO 9001, ISO 14001 and ISO 27001. In this interview, Andreas Meier, Senior Director Compliance, Regulatory & Governance, and Ole Christian Lie, Senior Information Security & BCM Officer, discuss the significance of ISO 27001, its role in our governance, and its impact on our sustainability efforts.

Séverine de Rougemont

September 30, 2024 · 3 minutes read

The Sunrise goal is to achieve ISO 27001 Information Security Management System (ISMS) certification every year.

It’s crucial to understand the role standards and certifications play in shaping the Sunrise commitment to sustainability and responsible corporate stewardship. Over the past years, Sunrise has proudly maintained its ISO 27001 certification (for the former Sunrise both before the merger and continuously since 2014), a testament to its dedication to upholding the highest standards of information security and governance.

In this interview, Andreas Meier, Senior Director Compliance, Regulatory & Governance and Ole Christian Lie, Senior Information Security & BCM Officer at Sunrise give their insights into the significance of ISO 27001 certification within the governance structure, the journey towards achieving and sustaining this certification, and its impact on the company’s sustainability initiatives.

Ole Christian Lie, Senior Information Security & BCM Officer and Andreas Meier, Senior Director Compliance, Regulatory & Governance.

Can you provide a brief overview of the significance of the ISO 27001 certification within the company’s governance framework and its broader implications for sustainability?

Andreas / Ole Christian: The ISO 27001 certification is very valuable for the governance framework at Sunrise because it establishes a robust system for handling and safeguarding sensitive information. In recent years, the significance of ISO 27001 certification has grown continuously. Since we have many business customers in highly regulated sectors, we’re exposed to the resulting external assessments and audits. All of them value our commitment to having a strong Information Security Management System (ISMS) in place and it also helps us attract new customers.

Achieving ISO 27001 certification for ten consecutive years is quite an accomplishment. Can you take us through this journey?

A/OC: Information security was ranked as a top priority for the former Sunrise in 2013, and since 2014 we have consistently achieved the ISO 27001 certification year after year. And we were the first telecom company in Switzerland to be certified end-to-end. Over the years, the ISMS has supported us in consistently increasing awareness of information security within the company. Of course, the journey hasn’t always been smooth since teams have naturally changed over such a long period. In 2022, the ISO standard was completely updated, and we had to adjust and incorporate the changes in our system. However, with our ISMS in place, we’re improving and digitalising our controls and processes every year.

In what specific ways has the ISO 27001 certification enhanced governance practices at Sunrise and contributed to overall sustainability goals?

A/OC: The ISO 27001 certification has improved our governance practices by offering a systematic approach to managing information-security risks and applying controls to safeguard sensitive data. This, in turn, has supported our sustainability goals by improving operational resilience, reducing cyber security threats, and increasing trust among customers. The certification shows our dedication to data privacy and ethical business conduct, thereby strengthening our reputation as a dependable and reputable telecom provider.

Looking ahead, how do you envision the role of ISO 27001 certification evolving within the governance strategy at Sunrise?

A/OC: Going forward, the ISO 27001 certification will remain a key part of our governance strategy, especially as we deal with new sustainability challenges and regulatory changes. As the digital environment and cyber security threats change, we’ll constantly update our information-security practices to ensure continued compliance with the ISO 27001 standard. We’ll also incorporate sustainability factors into our governance framework, matching our security goals with wider environmental, social and governance (ESG) principles. By addressing sustainability risks and opportunities proactively, we’ll enhance our resilience and maintain our leading position in the telecom industry.

Sunrise IMPACTS

Our sustainability strategy, Sunrise IMPACTS, is based on the pillars of People, Planet, and Progress with Governance as the foundational pillar. Through the publication of our first comprehensive sustainability report, we’ve underlined our commitment to sustainability and dedication to increased transparency.

The report was produced in line with Global Reporting Initiative (GRI) standards. Highlights of the past year include initiatives that enabled Sunrise to meet both customer requirements and sustainability goals, such as sustainable product design, recycling programs (Sunrise Buyback) and offers to promote the circular economy (Sunrise Flex Upgrade).
