GOVERNANCE

PRIVACY AND DATA PROTECTION 

Sunrise sets the highest standards for information security with its ISO 27001-certified Information Security Management System (ISMS) and a robust Business Continuity Management (BCM) plan. This certification, which is validated by external auditors, covers HR and operational processes, the handling of customer data and technical infrastructure. The ISMS is actively maintained and reviewed regularly with risk assessments to make sure the system is up-to-date. 

To ensure compliance Sunrise has developed clear policies and guidelines, including information-security guidelines that take account of data-protection requirements. The transparency in the way data is handled is guaranteed by a privacy policy. 

Sunrise promotes a culture of awareness with annual eLearning courses on information security and data protection. Additional campaigns and reporting mechanisms, including an independent whistleblowing portal, encourage employees to get actively involved.  

In the face of growing cyber threats, Sunrise has established a central Security Operations Centre (SOC) for strategic and efficient security planning, with the protection of company and customer data as the top priority. 

BUSINESS ETHICS AND GOVERNANCE  

Sunrise undertakes to conduct its business in accordance with ethical principles and in compliance with all applicable legal provisions in order to protect the interests of investors, employees, customers and the public. Employees and members of the Executive Committee receive annual training on these values, policies, and laws. In addition, the Compliance Officer makes recommendations, advises, and assists employees and members of the Executive Committee with any questions or uncertainties related to competition and antitrust law. Employees can report violations of anti-corruption regulations or of anti-competition and antitrust policies anonymously via the independent whistleblowing portal. 

PUBLIC POLICY ENGAGEMENT 

Sunrise operates within a highly regulated market environment. Any changes to the legal framework may therefore have an impact on business activities. At the same time, Sunrise is in the public spotlight as a provider of (critical) communications infrastructure and innovations in the field of digitalisation. To demonstrate its commitment to the community more effectively, the company’s positions and expertise are publicised in public debates, in general political agenda setting and, in particular, through transparent and active communication.  

LABOUR AND HUMAN RIGHTS IN THE SUPPLY CHAIN 

Sunrise also protects labour and human rights in its supply chain by ensuring that all partners comply with local labour standards. The ESG Supply Chain Policy sets out the due diligence that must be carried out during the tender process. The Vendor Code of Conduct for Suppliers details the requirements for compliance with labour and human rights.  

Since 2023, Sunrise has also been required to undertake due diligence obligations on its duties of care relating to child labour in the context of the Swiss Ordinance on Due Diligence and Transparency regarding Minerals and Metals from Conflict Zones and Child Labour (DDTrO). As part of this, Sunrise has implemented a supplier-oriented risk-management process, which is documented and published annually.