Edelweiss Air AG - Cyber Security and EU-DSGVO

AdNovum was consulted to support the implementation of an Information Security Management System (ISMS) in accordance with ISO / IEC 27002 and to support the implementation of technical and organizational measures to meet the requirements of regulations set forth by GDPR.

logo edelweiss

The customer

Edelweiss is the leading Swiss holiday airline based at Zurich Airport. As a sister company of Swiss International Air Lines and a member of the Lufthansa Group, it operates flights to 70 dream destinations in 34 countries worldwide. Edelweiss invests in innovative solutions that make flying more attractive for its guests and make it easier for its employees to work.

The project

A focus on information security and GDPR

In order to further improve the information security of Edelweiss Air AG and to meet the requirements of the Lufthansa Group, it was decided to implement an information security management system (ISMS). The ISMS is a set of procedures and rules within a company that serves to permanently define, regulate, control, maintain and continuously improve information security. AdNovum was commissioned to plan and support the implementation of an ISMS in accordance with ISO / IEC 27002: 2013. At the same time, AdNovum assumed the role of "Security Officer as a Service" (SOaaS).

  • The goal: To introduce an ISMS in order to improve information security and to comply with the requirements of the Lufthansa Group, as well as to implement the new legal requirements (GDPR).
  • The process: The AdNovum Security Consulting team supported and advised Edelweiss Air AG on the introduction of an ISMS in accordance with ISO / IEC 27002. In addition, AdNovum acted as "Security Officer as a Service" (SOaaS) for Edelweiss Air AG.
  • The result: Information security and compliance as specified by the Lufthansa Group are constantly being improved.

Iterative process leads to continuous improvement

Edelweiss Air AG is subject to GDPR due to its international activities. AdNovum was consulted in 2018 to help the company implement the technical and organizational measures to meet the requirements of GDPR.

In the role of Edelweiss Air AG's "Privacy Officer as a Service" (POaaS), AdNovum has taken on the following tasks:

  • Check and evaluate data processing
  • Document data processing in processes
  • Assess the technical and organizational data protection measures
  • Check data processing commissioned by third parties
  • Advice on the processing of personal data
  • Prepare employees for information security through training and awareness-raising campaigns

 

The benefits

Benefits for Edelweiss Air AG:

  • By introducing an ISMS, Edelweiss Air AG is improving information security throughout the company. An ISMS also helps to improve the protection of any type of information (electronic or paper-based).
  • An ISMS requires all employees to be aware of certain information security policies and guidelines. It therefore raises awareness throughout the company about the dangers and, consequently, the handling of information security.
  • The implementation of GDPR requirements contributes to the fact that, in particular, personal data of customers and employees are adequately protected.
  • By introducing an ISMS and compliance with the GDPR, Edelweiss Air AG can prove that it takes the information security issue seriously in the event of an information security incident or a data protection breach. This can have a mitigating effect.
  • Alignment with the information security standards of the Lufthansa Group
  • Continuous improvement via «Security Officer as a Service» (SOaaS) and «Privacy Officer as a Service» (POaaS)
icon_check_advantages
‹‹The new GDPR is a major challenge. With the efficient and professional support of AdNovum, we have analyzed our data landscape and taken targeted measures to meet the requirements of the GDPR.››
Stefan Graf, Head of IT, Edelweiss Air AG

Contact us – we are pleased to help!

Should you have questions or wish to talk to an experienced advisor, contact us – we will be pleased to help.

Aldo Rodenhäuser, IT Consultant

Aldo Rodenhäuser Head of Security Consulting