The configuration and acceptance declaration asks for two roles: (1) Security Officer for Data Security and (2) Privacy System Administrator.

How do I choose the right people for these roles?

We recommend that both people have an IT background and are familiar with the application. They do not have to be a person with the official “Privacy Deputy” role. Swisscom wants to retain the 4-eyes principle. The roles are: To be able to provide information about the administration of the subscriber application (who has access, what an administrator could manipulate, where might there be a hitch, SSL connection to Swisscom) and about topics such as virus protection, access control in general, etc. at the person responsible for security.