The KKPKS elected Mark Burkhard as its new president at its annual meeting on November 3, 2020. The graduate economist and IT engineer has been commander of the Basel-Landschaft police since 2013. Until now, as a board member of the KKPKS, he also led the projects for the harmonization of Swiss police IT. He is looking forward to the new challenge, says 56-year-old Mark Burkhard: "I want us to continue to provide high-quality police services for the population. This requires good cooperation between the police forces and their partners across the corps and cantons." Furthermore, it is important "that we do not lose touch with technological developments in the field of crime," says Burkhard.

Three questions for the new man at the helm of KKPKS

Terrorist attacks in France and now also in Vienna: What does this mean for Switzerland's security?

Burkhard: The terrorist threat has also been heightened in Switzerland for some time. Following the recent attacks in neighboring countries, the situation in Switzerland is also being reassessed on an ongoing basis. Based on this, the security arrangements in the cantons are reviewed and, if necessary, additional measures are taken, such as increasing the police presence in public areas.

What are your most important challenges in 2021?

Burkhard: The primary task is to deal with the consequences of the Corona pandemic. Depending on how the situation develops, the police will be called upon to do more or less. However, other developments can change this focus at any time, as the attacks in France and Vienna show. In addition, the police are making great efforts to combat the rapidly growing cybercrime.

Where does Switzerland stand in this respect, and where do you, as CCCP President, need to set priorities in cyber security? 

Burkhard: To combat cybercrime, the Swiss police corps have founded the "Network for Combating Digital Crime" (NEDIK). The federal government and all cantonal police forces work together in this network. They monitor crime trends, agree on their areas of activity and coordinate joint actions. This cooperation must be further consolidated and expanded. In addition, it must be better communicated to the public what efforts the police corps are already making in the fight against cybercrime.

Interview: R. Strässle

Stefan Blätter in office since 2014

Mark Burkhard succeeds Stefan Blättler, commander of the Bern Cantonal Police. The 61-year-old looks back on an eventful presidency. At the end of October 2014, he was elected President of the CCPSC, shortly before terrorist attacks in neighboring countries had a lasting impact on the security situation in Switzerland and thus on police work. And the Corona situation in his last presidential year had also challenged the Swiss police corps and the CCPCA. Milestones during his presidency were reached, among others, with the introduction of the new overall educational policy concept Police 2020 as well as the formation of the Network Investigation Support Digital Crime Fighting (NEDIK) in 2018, as the press release of the Conference of Cantonal Police Commanders of Switzerland concludes.

According to Austrian Interior Minister Karl Nehammer, the terrorist attack in Vienna was carried out by a sympathizer of the Islamic State (IS) terrorist militia. The 20-year-old was armed with an assault rifle, he said. In addition, the man, who had both Austrian and northern Macedonian citizenship, was wearing a dummy explosive belt.

The young man had wanted to travel to Syria to join the IS. Therefore, he was sentenced to 22 months in prison in April 2019. He was released early in December. According to Nehammer, there have been extensive raids in the environment of the perpetrator. Several people were arrested in the process, he said.

Two suspects also arrested in Winterthur

The group of the task force "Vienna" of the Zurich Cantonal Police is continuously following the events and they are in close exchange with various partners, including in Bern and Vienna, the statement said.

In connection with the attacks in Vienna, there was the arrest in Switzerland of an 18-year-old and a 24-year-old Swiss. The two men had been arrested on Tuesday afternoon, 3.11.2020, in coordination with the Austrian authorities by the special unit EG Diamant in Winterthur. The extent to which there was a connection between the two arrested and the suspected attacker is currently the subject of ongoing clarifications and investigations.

Detect attack plans at an early stage

In order to detect and thwart attack plans from the jihadist environment as well as from returnees from crisis areas at an early stage, the cantonal police already formed a special commission in 2015. All available information from the areas of danger prevention and investigation of the various police organizations is brought together. If necessary, appropriate measures will be taken in the preventive and repressive areas, according to a media release today from the department of Zurich Security Director Mario Fehr.

Protective measures strengthened

High attention is paid to the protection and security of religious institutions. The canton and the city support Jewish organizations with contributions to their security costs. After the attacks in Vienna, the existing protective measures were reviewed and strengthened, it is further reported. (rs)

Ransomware is part of everyday corporate life. Unlike an attack on a private computer, infiltrating a corporate network can result in ransom demands in the six-figure range. In addition, companies still set the wrong priorities when it comes to ransomware attacks. They believe paying up is the quickest way out of trouble. However, the reality paints a different picture. Even after paying the ransom demanded, the network and the data remain vulnerable and new attacks threaten.

Veritas dispels the five most persistent myths surrounding ransomware and provides tips on how companies can avoid falling into the ransomware trap in the first place.

1. When we pay, the hackers let us access our corporate data again immediately.  

Companies are data-driven. A ransomware attack brings their business to a complete standstill, often for days. No company can afford that. Therefore, affected companies tend to pay the ransom as soon as possible. This gave 29 percent of the companies surveyed by Veritas an.

However, the fact is: even after paying a ransom, the data usually cannot be recovered. This is a considerable loss of money, but it does not end there, as a study by Sophos confirmsThe company will have to invest a similar amount again for the restoration.

However, the consequences cannot only be quantified financially: a tarnished reputation, the loss of customers, as well as difficulties with data recovery can cause damage that is even more expensive than paying the ransom sum. So paying money to the extortionists should never be the solution. Because this encourages the cybercriminals to continue their activities and keeps their fraudulent system going.

2. Hackers are only interested in people who have sensitive information in their eyes. 

That's not right. Hackers primarily target employees, regardless of industry, position or identity. Their email addresses, passwords and bank accounts are of interest, but so are encrypted databases that are hacked via an employee's login. Ultimately, any information can be monetized on the darknet or a ransom demanded to remove the malware from the hardware.

Hacking is becoming more sophisticated and targeted every year, and more and more SMEs are falling victim to it. Their IT is usually less well protected, so the security systems are easier to circumvent than in large companies. However, it is also true that the more interesting and important the hacked information is, the more lucrative it is for the cybercriminals and the higher the ransom demand will ultimately be.

3. Our security system is sufficient to withstand cyber threats, including ransomware.

Companies are deploying increasingly professional and always up-to-date security systems to protect themselves against cyber threats. However, these do not provide sufficient visibility across the entire infrastructure. Moreover, no system is infallible, especially as attacks become more sophisticated and targeted. The current trend for many employees to work remotely further increases cyber risk: their work devices are outside the protected corporate network, creating many more vulnerabilities and potential entry points.

It is therefore essential for companies to train their employees on current phising attacks and to develop an effective data management and backup strategy.

4. Our employees do not provide effective protection against ransomware. 

The human factor is and remains the main risk when it comes to IT security. That's right. Whether it's attacks by viruses, spam or ransomware, users are the preferred target of hackers. Still, employees can be a powerful weapon against cyber attacks. If they are regularly and sustainably educated and trained on potential threats - including management - they can make an important contribution in an effective early warning system. Unlike security solutions that only sound the alarm when malware is already in the corporate environment, employees can immediately inform the security team about phishing emails before they become an active threat.

5. A simple backup of the data is enough to restore it. 

Companies that have a backup system have already taken the first step in securing their data against ransomware. However, this is not enough. Once the malware has spread in the corporate network, the backup stored there is also affected, and the backed-up data remains encrypted.

Only off-site backups - at least for the most critical data - are effective. To prevent their encryption, they should always be kept separate from the productive system. The use of cold storage solutions - such as external or offline hard drives, combined with multifactor authentication - protects backups from system infections and preserves critical data needed for disaster recovery.

Sascha Oehl, Technical Director DACH at Veritas Technologies, comments: "It is a fact that ransomware poses a serious threat to companies of all industries and sizes. And this threat is further exacerbated by remote working. Once ransomware has infested the corporate network, the only lifeline left is an effective backup strategy. It is not enough to store the backup separately from the other data, but still in the same infrastructure. Malicious encryption attempts can only be prevented if the backup system is able to create an off-site copy of the files."

Effective backup solution against ransomware

A layered backup strategy helps prepare for ransomware. First, companies should distribute backups in isolation from each other across different environments, creating self-sufficient islands. Using the cloud to store backups is the most effective option. Separated from the company's main network and always updated according to the latest security guidelines, cloud storage is a cost-effective and scalable alternative. Data copies stored on-site should be immutable. The final step is to ensure that the recovery process is resilient. Companies should therefore conduct regular tests to detect problems early on.

Careful management of data retention times also prevents backups from becoming a storage space problem. For each backup, it is therefore important to decide how many copies of data are necessary and where they are stored. A master catalog helps employees find data quickly so they can maintain their inventory as needed.

Source: Veritas

The relevant European standards for smoke extraction systems are still being revised, which makes it difficult for those responsible to plan new systems safely. For this reason, VdS Schadenverhütung has worked together with manufacturers and installers to develop specific requirements in line with current technical developments and has introduced these to the ISO committees, among others, as VdS writes. The ISO 21927-9, "Smoke and heat control systems," which is based on this standard, will thus become the decisive measure for safeguarding building decision-makers.

The standards set here for SHEV control centers, among others, are now also required by the draft standard DIN 18232-9. According to the "Musterverwaltungsvorschrift Technische Baubestimmungen" (MVV TB), the finalized DIN expected for January/February 2021 should then become mandatory. VdS already offers these product specifications on request with test procedures - and numerous components recognized according to the guidelines 2581, "Electrical control devices for natural smoke ventilation systems", would meet the coming requirements long ago, according to VdS.

"VdS-approved smoke and heat exhaust ventilators already offer planners, authorities and all other people responsible for fire protection the usual planning security," emphasizes Dieter Maske, technical manager of the VdS smoke exhaust laboratories. "This also applies to power supplies, which are also affected by the amended DIN."

You can find the test guidelines VdS 2581 in the vds-shop.com and all VdS-approved smoke extraction products on vds.de/rwa.

Whether with false promises for information on the virus, on how to order masks during low levels or messages on online ordering - cybercriminals used the most diverse pandemic topics to deceive victims or spread malware. The 2020 semi-annual report of the Reporting and Analysis Center for Information Assurance (Melani) highlights the most diverse types of cyberattacks that took place in connection with the pandemic (cf. from page 6 of the 31st report). Melani Semi-Annual Report).

Home office: secure handling of remote access

Cybercriminals are also keeping pace with the increased trend toward home offices. That's why the Melani authors are also devoting a chapter to this topic - "Home office - but secure!" (from p. 11). Home office work also means that remote access to corporate networks has increased massively. The security experts therefore remind us of some principles to minimize the risks when dealing with this technology (cf. "Home office: secure handling of remote access".).

As a supplement to the remote access document, a brief information is also provided for the end user to better protect their own environment, thus also reducing the risk for the employer (cf. "Home Office: End User Guideline.").

Industrial control systems (ICS) targeted by ransomware

Not all cyberattacks are related to Corona. In the first half of the year, MROS again recorded an increase in attacks with ransomware. The attackers encrypt data and demand a ransom from the victim to release the data. Until now, attacks with crypto Trojans had targeted the IT infrastructure of the victims and usually only affected control systems collaterally. Now, in the first half of 2020, a ransomware was observed that was specifically designed to hit process controls in industrial control systems (more on this starting on p. 26 of the report). According to Melani's report, "Before encrypting files, the ransomware steals data and then forces a whole series of processes to stop, but without manipulating them or sending commands. These processes affect not only industrial control systems (ICS), but also security or management software, databases and data backup solutions."

Such attacks can have devastating consequences for businesses and the population.

National Focal Point is operational

Since the beginning of this year, the National Cyber Security Center (NCSC) has been the central point of contact for business, the general public, government agencies and educational institutions when it comes to cyber issues. The contact point receives reports of incidents in a uniform manner, examines them and forwards them to the appropriate body. According to data, a total of 5152 reports were registered in the first half of 2020. Fraud attempts accounted for more than half of these, with 825 cases involving advance fee fraud emails alone.

The statistics of the reports received are published weekly on the website of the NCSC published.

Melani "disappears

This is the last time the Melani semi-annual report will be published under this name. With the entry into force of the "Ordinance on Protection against Cyber Risks in the Federal Administration" on July 1, 2020, Melani has become part of the NCSC. The National Cyber Security Center will therefore also be the future sender of the report on the most important cyber incidents.

Source: Confederation

The annual report just published "Security Switzerland 2020 of the Federal Intelligence Service (FIS) presents the most important situation developments from an intelligence perspective. The following is a summary by the FIS:

The question of the security implications of the Covid 19 pandemic cannot yet be answered in detail. However, the findings of the FIS so far allow the general statement that the pandemic reinforces and probably accelerates already existing trends in the international system. The pandemic provides further evidence of the end of a world order that was strongly influenced by the United States, its alliance system, and institutions that were significantly influenced by the United States.

The change currently observable in international security policy will continue. It is questionable whether a stable order will form again in the foreseeable future. A new bipolar order between the U.S. and China would be possible, but this is not yet clearly evident at present. Even more uncertain is a development toward a multipolar system. 

Strategic competition between the major powers

Switzerland's strategic environment is shaped by the rivalry between the USA and China, Russia's efforts to consolidate its sphere of influence in Europe, and various conflicts and crises on European borders. While the U.S. will remain the world's most influential power beyond 2020, transatlantic relations and the U.S. presence in the Middle East will continue to lose importance in the future. America's geopolitical challengers are trying to profit from this and to use the gaps created by the end of American dominance to implement their own interests.

China sees itself as a rising great power on a par with the USA. The gap between the liberal model shaped by the West and authoritarian state capitalism will continue to grow. There are growing indications that the international system could be increasingly shaped by strategic competition between the U.S. and China - to the point of establishing exclusive strategic zones of influence.

Russia continues to pursue the goal of acting on an equal footing with the U.S. and seeks to establish and consolidate its own sphere of influence. Its policies are showing results, but it is striving for more. Ukraine remains at the center of Russian strategic interests, as does Belarus following protests in the aftermath of the August 9, 2020 presidential election, where the Kremlin clearly warns the U.S. and EU against any interference. The Black Sea and the Mediterranean are also theaters of strategic rivalry with other actors. Russia also uses military means to achieve its goals.

Espionage as an instrument for power struggles

Espionage is an expression of the tensions described above. States use espionage as an instrument to gain or consolidate an advantageous or even dominant position over political, military or economic rivals in power struggles. Such tensions are also reflected in espionage activities of foreign states on Swiss soil, which damages Switzerland's image as a host state for international diplomacy. In addition, Swiss interests are directly threatened when foreign espionage actors target, for example, the Swiss financial and trading center, innovative companies, or political institutions in order to gain competitive advantages and influence. Certain states also use espionage as a tool against their nationals to consolidate their own power - for example, by monitoring and intimidating opposition figures abroad, including in Switzerland.

Espionage, indeed the international power struggles as a whole, also take place in cyberspace. So far, Switzerland's critical infrastructures have never been the direct target of state-sponsored sabotage. However, when critical infrastructures are attacked, Swiss business partners and suppliers are also targeted, and their damage is at least taken into account. Swiss targets can therefore also become indirect victims of conflict in cyberspace.

Violent extremism: attempts to instrumentalize demonstrations

In the context of jihadist terrorism, the "Islamic State" continues to set the tone. The terror threat in Switzerland remains elevated. Further attacks in Europe are likely - primarily those inspired by "Islamic State". Although Switzerland is one of the legitimate targets for attacks in the eyes of the jihadists, it is not the main focus.

The potential for violence in both the left-wing extremist and right-wing extremist scenes remains. In the left-wing extremist scene, more intensive forms of violence, such as arson, remain limited primarily to objects that are seen in connection with the supposed "repression". At demonstrations, broader participation in acts of violence and high or even increasing aggressiveness can be seen. The left-wing extremist scene in particular is attempting to take the lead in newly emerging movements such as this year's Black Lives Matter demonstrations in Switzerland and to instrumentalize them for its own purposes.

Members of the extreme right-wing scene currently use violence with restraint. However, it remains to be mentioned that martial arts are trained in said scene and functional weapons are available. The greatest risk of a right-wing extremist-motivated attack in Switzerland is posed by individuals acting on their own with right-wing extremist convictions but without a firm affiliation to established violent extremist groups.

Press release Federal Intelligence Service

Shortly before midnight, a security company reported to the operations center of the Zurich cantonal police that three people had just broken into a factory building in Regensdorf, Zurich. The patrols that were called out first surrounded the premises, then searched the factory halls. The police were successful: the three perpetrators were caught in the act and the stolen electronic components were seized.

It is not always possible to turn thieves over to the prosecutor's office as successfully as in this case, which occurred last Friday.

Burglary Protection Day

On Monday, October 26, the 6th National Burglary Prevention Day took place. It is intended to remind the population once again that it is precisely with the changeover to wintertime that criminals intensify their activities. Accordingly, various police forces in Switzerland and the members of the Swiss Secure Housing Association (SWS) carried out and continue to carry out various measures in the cantons (cf. interactive map under www.gemeinsam-gegen-einbruch.ch). The overview of measures and events is continuously updated, writes the SWS. It has organized the national day of burglary protection and the event is supported by the Swiss Crime Prevention (SKP). The SWS is made up of umbrella organizations, industry organizations from the private sector and the police, and aims to improve the quality of burglary protection in Switzerland. On the website www.sicheres-wohnen-schweiz.ch important prevention tips and links are available.

In case of suspicion dial 117

In order to combat so-called twilight burglaries, various police forces are intensifying their patrols and carrying out more checks. However, even more targeted controls can be carried out if tips are received from the population and suspicious findings are reported, writes the cantonal police. The campaign "In case of suspicion, call 117 - Together against burglars" will be launched with posters and flyers to remind people to call the emergency number 117 if they notice anything suspicious. Reports are accepted around the clock, according to the police.

Individual advice

This is also possible: With individual burglary protection advice from the police, weak points are analyzed and possible solutions are pointed out. According to the police, this is intended to motivate those seeking advice to implement suitable measures in order to significantly reduce the risk of burglary.  (SWS / Kapo / rs)

• For more information on burglary prevention, visit the Swiss Crime Prevention (SKP) website at www.skppsc.ch
• Article in SafetyForum on the subject of burglary protection for windows and doors (cf. 2019_06 burglary protection)

Washing your hands has become second nature to most. However, companies and their employees do not always exercise the same caution when it comes to mobile communication. Malware and other malware can hide in installed applications. An app is quickly downloaded and the user usually doesn't give much thought to the consequences: What data and communication channels does the app access? What exactly is written in the depths of the rarely read terms of use? If employees use a company cell phone privately or a private smartphone for business tasks, this puts compliance with data protection regulations at risk.

Therefore, companies should observe the following rules:

• The explosive nature of the issue must be internalized. The carelessness of employees when using smartphones and tablets is often due to a lack of knowledge. This makes education and training all the more important to ensure that IT hygiene measures become a matter of course. All employees should also be given binding and uniform regulations for the protection of IT and data in the company. Careful handling of sensitive data must also be exemplified by superiors. All these measures prevent employees from unsuspectingly downloading dangerous apps.
• Offer only user-friendly tools. If possible, security measures should not restrict employees in their work, because only user-friendly solutions win through. Corporate apps must therefore be as easy to use as users are accustomed to from their private applications. It is just as important to involve the departments involved in the selection of tools in order to cover the business requirements of the respective employees.
• Strictly separate private and business data. Many apps have embedded functions for data exfiltration, i.e., the extraction of private data. In the case of WhatsApp, for example, this is the non-transparent access to the contact list, which may also contain business contacts. This is a violation of the requirements of the GDPR, as personal data may not be processed and forwarded without consent. Only a strict separation of private and business data can help against this data leakage. It also prevents data from simply being moved back and forth by copy-and-paste.
• Don't forget encryption and authentication. Business data must also be encrypted, both on the device and in transit. Access to systems such as file sharing or intranets must be through a secured channel. The corporate area should also be secured by PIN, TouchID, FaceID or - for even more protection - by smartcard. This way, data remains protected from misuse even if the device is stolen or lost.

"A container solution like SecurePIM strictly separates the business area from the private area on mobile end devices. Data and documents are stored encrypted to the highest standards and transmitted end-to-end. This creates an 'intrusion-proof' area to defend against cyber criminals and at the same time compliance with the DSGVO is guaranteed," explains Christian Mueller, Chief Marketing Officer of Virtual Solution in Munich. "The economic consequences of poor IT hygiene are often underestimated. Data and identity theft, misuse of stolen data and, for example, blackmail attempts can result in losses in sales and trust. In addition, there is the threat of high penalties for violating the DSGVO regulations. Compliance with data protection and security must therefore become a constant routine, just like washing your hands."

Source: Virtual Solution

As the federal competence center, the National Cyber Security Center (NCSC) is responsible for the coordinated implementation of the NCS and regularly prepares a report on the implementation status on behalf of the NCS Steering Committee. The just published Report includes the current implementation status One third of the 247 milestones defined in the implementation plan have already been achieved.

Progress in promoting research and training

Implementation of the majority of milestones is scheduled for the second half of the 2018-2022 NCS term and must be implemented by the end of 2022. Delayed on the way are 23 milestones. The responsible agencies have provided the Steering Committee with reasons for the delays and have been able to plausibly demonstrate that the time lag can be made up. Concrete progress has been made in various fields of action. In the promotion of research and training, for example, an important milestone was reached with the opening of the Cyber Defence Campus (CYD Campus) at the two Federal Institutes of Technology ETH and EPFL and in Thun. In the area of law enforcement, coordination in the fight against cybercrime was improved.

Support for SMEs and the population

Small and medium-sized enterprises (SMEs) are now also part of the NCS target group.

Accordingly, their support in connection with cyber risks is being established and expanded. Together with representatives from the business community, for example, a guide for SMEs has been produced. In addition, the national contact point at the NCSC has been operational since January 1, 2020. It receives reports of cyber incidents from the public and the business community, analyzes them, and forwards them to the responsible bodies. The reporters receive recommendations for further action.

Since the adoption of the NCS 2018-2022, the new organization of the Confederation in the area of cyber risks has also been adopted and implemented by the Federal Council. The Ordinance on Protection against Cyber Risks in the Federal Administration, which has been in force since July 1, 2020, forms the legal basis and regulates cooperation within the federal administration as well as with the cantons, the business community and academia.

Press release federal government

The acquisition consolidates Salto together with Gantner its position as a global market leader in the field of electronic access control. It employs around 1,200 people in 40 countries, of whom more than 230 work in research and development. Sales of 260 million euros are generated and the equipment comprises more than one million access points per year.

Capital increase of 125 million euros

The acquisition was made through a combination of capital increase, bank financing and cash. The capital increase amounts to 125 million euros and was subscribed by both existing shareholders such as Alantra (ES) and new investors such as Sofina (BE), Peninsula Capital (LUX) and Florac (FR), Salto writes. As a result, financial investors would now collectively hold 30% of Salto's shares, with the remaining shares remaining with the company's founders and management team (60%) and private investors (10%).

With one of the broadest product portfolios in the world, the company is able to meet virtually any requirement and thus equip almost any access point in buildings and properties. The access management software offers an intuitive, user-friendly interface that ensures simple and secure management for applications of all types and sizes.

In recent years, Clay (NL) and Danalock (DK) have been added to the portfolio, strengthening the company's position in the cloud and mobile access sectors in particular.

Offering comprehensive solutions to end customers

Gantner is an Austrian company specializing in electronic access systems, intelligent locker locking systems, ticketing and accounting systems, and time and attendance. A customer- and service-oriented corporate culture positions the provider as a partner of choice for a wide range of customers - from small and medium-sized enterprises to industry-leading Fortune 500 companies.

"The addition of Gantner to Salto's portfolio offers a dazzling future prospect to further expand our position today as a provider of best-in-class electronic access solutions," said Javier Roquero, co-founder and CEO of Salto. "Gantner's offering expands and diversifies our product portfolio to include innovative locking solutions as well as cashless ticketing and payment systems, allowing us to offer our end customers more comprehensive solutions that go beyond access management."

Implementing growth projects together

"Thanks to the new partnership with Salto, we can expand our product portfolio, exploit important synergies, cultivate markets in an even more targeted manner and serve the segments with pinpoint accuracy. This puts us in an optimal position to continue our growth," says Elmar Hartmann, Managing Director of Gantner.

The two companies will jointly implement new growth projects. He said they will offer customers end-to-end, seamless solutions across a wide range of areas from a single source, such as the use of access points, main entrances, elevators, ticketing, cashless payment, lockers, office doors, cafeterias and leisure facilities with unified contactless credentials. "If there's one thing the Covid 19 pandemic has taught us, it's the need to provide systems that help reduce physical contacts," says Javier Roquero. "Gantner has developed manifold solutions that allow users greater independence in accessing, paying for goods, purchasing tickets, and accessing events and recreational facilities. This adds incredible value to our contactless access control solutions."

The revision of the guidelines VdS 2172 has above all an effect on the valid requirements, which were reduced to two substantial evaluation criteria: "Apart from the qualification of the intervention forces contractually fixed and to be kept approach times form from now on the hard criteria for the evaluation of an intervention place , say Harald Mebus, VdS technical leader for safety services, together.

To check the arrival time, the departure and arrival at the object must be documented and subsequently compared with the arrival time specified in the customer contract. "The fact that an arrival time must be contractually defined and checked is completely new. However, we consider it extremely important for the transparency and measurement of quality," explains Mebus.

If the specified approach time cannot be met, not only must the client be informed, but an explanation of the cause and a solution must also be determined. "In this way, intervention agencies are required to constantly review and optimize their processes and to maintain or even improve performance vis-à-vis their customers."

Particularly attractive for smaller companies

With the new version, proof of a certified quality management system is now not required. "Of course, this does not mean that the new version does not place any requirements on the intervention center's management systems - these will nevertheless be closely examined," emphasizes Mebus. However, only essential aspects have been retained and integrated into the guidelines, so that the effort required for both implementation and auditing is significantly reduced.

VdS is pursuing a specific intention with this: "For smaller intervention agencies, a recognition procedure, e.g. according to DIN ISO 9001, was costly or often even a knock-out criterion. However, VdS pursues the strategy of recognizing intervention agencies as comprehensively as possible, so that customers and insurers can fall back on companies that are as close as possible. This minimizes the response time and increases the chances of averting danger or limiting damage," explains Mebus.

The revised VdS 2172 guidelines will apply to new orders from September 1, 2020, for which a new pricing model will also apply: Instead of individual items and fluctuating charges, a flat rate will be charged per year, which should enable customers to calculate costs easily. Existing recognitions will remain valid until the end of the certificate term. For renewal and change orders, there is a transition period until August 31, 2021.

The new guidelines VdS 2172, now divided into two parts, "Intervention agencies", also stands on vds-shop.com available for download.

Source: VdS

Too bad, due to the current Corona situation, the planned event on November 18, 2020 cannot take place, as the Information Security Society Switzerland (ISSS) has just announced. The event was organized in collaboration with the National Center for Cybersecurity (NCSC) organized.

The newly institutionalized NCSC is the federal government's competence center for cybersecurity and thus the first point of contact for the business community, administration, educational institutions and the general public on cyber issues. The NCSC is also responsible for the National Strategy for the Protection of Switzerland against Cyber Risks (2018 to 2021). The strategy outlines how the federal government intends to work with the business community, the cantons, and the universities to address cyber risks. In particular, very great importance is attached to the important factor of resilience, as can be seen very well in the current pandemic.

Source: ISSS / Confederation