Find out how the Baloise Group was able to successfully harmonize its security standards by introducing the ISMS solution from Swiss GRC throughout the Group – across countries and across the board.
Initial situation
The Baloise Group, headquartered in Basel, is one of the leading insurance and pension providers in Europe. With around 8,000 employees in several countries (Switzerland, Germany, Belgium, Luxembourg and Liechtenstein), a uniform yet flexible solution was required to meet the increasing regulatory requirements, such as DORA, across all countries and to harmonize internal processes at the same time.
Objectives: Standardization and automation of ISMS processes
The main challenge was to find an ISMS solution that would meet the diverse requirements of the individual countries as well as Baloise’s internal standards and processes. Flexible adaptation to local requirements was necessary without jeopardizing the overarching standardization of information security processes. In addition, the various needs and priorities of the stakeholders in the different national companies had to be taken into account.
The ISMS implementation focused on the following processes:
- Asset management: determining protection requirements, defining and reviewing security requirements (target/actual comparison)
- Exception management
- IT risk management
- Policy framework
The focus was not only on digitizing these processes, but above all on automating them and making them dynamic. This made it easier for users to work more efficiently, while at the same time significantly increasing acceptance of the solution within the company.
Evaluation process and decision-making
The evaluation process was carried out carefully and comprehensively. Swiss GRC prevailed against strong competitors not only by relying on its extensive references and proven methods, but also by demonstrating clear added value and synergy effects between the various functions of the insurance group. The convincing overall offer, which included both technical capabilities and comprehensive expertise, led to the final decision in favor of Swiss GRC. Swiss GRC’s solution stood out in particular for:
- Adaptability and seamless integration: Swiss GRC’s ISMS solution is extremely flexible and can adapt to the different requirements of each country and the Baloise Group’s internal processes, while at the same time integrating seamlessly with existing systems.
- Modular approach: The modular structure meant that the Baloise Group could rely on a solution that was tailored to its requirements and could easily be expanded in the future.
- Transparent pricing: Swiss GRC impressed with its simple pricing, which enabled clear calculations and budgeting, thus ensuring planning security.
- Proven experience: Swiss GRC could look back on many years of experience and successful projects in the insurance industry, which gave the Baloise Group additional confidence in the reliability and effectiveness of the ISMS solution.
Key Results and Takeaways
- Efficient harmonization: Swiss GRC enabled efficient standardization and harmonization of ISMS processes across all national companies.
- Compliance with regulatory requirements: The solution fulfills the specific legal requirements in each country without affecting Baloise’s internal processes.
- Modularity for future expansions: The modularity of the GRC Toolbox allows future expansions to be easily integrated. Based on the positive experience of the ISMS implementation, the decision was also quickly made to use the data protection module in the GRC Toolbox to exploit further synergy effects across departmental boundaries.
- Trustworthy partner: Swiss GRC has proven to be a long-term and trustworthy partner that consistently supports and promotes Baloise’s information security goals.


