If a security incident occurs, Swisscom analyzes what exactly happened. Then Swisscom assesses the impact and risk for their services and any persons affected. After this assessment, measures are derived to remedy the security incident and avoid similar incidents. The affected customers are notified and sensitized when specific measures are implemented and applied to them.
Example:
A customer has appointed persons from outside the organization as RA agents in his RA agency. Swisscom has become aware of this and has opened a security incident, as this is not permitted due to compliance requirements. Swisscom’s assessment and evaluation showed that this was a security incident (minor incident) for the service. Swisscom then raised awareness of this issue with the customer and asked them to remove the RA agent role from all non-organization personnel. In addition, Swisscom has sharpened the topic in the training documents.