Key facts
In 2009, the Swiss Federal Audit Office (SFAO) carried out an audit on the extent to which the cantons had implemented the network security policy (NSP) prescribed by the Swiss Conference on Informatics (SIK/CSI). Based on the results, the Federal Office of Information Technology, Systems and Telecommunication (FOITT) was given a recommendation, and this has not yet been implemented in the SFAO’s view. Security elements were supposed to be added to the contracts between the FOITT and the cantons. The cantons were also to be obliged to provide evidence of the implementation of the agreed security requirements in their networks. If they failed to comply with these agreements, the FOITT or a third party instructed by it was to carry out corresponding security audits.