Swiss ICT Minimum Standard · mandatory under ISG since 2025
The Swiss ICT Minimum Standard is legally required for critical infrastructure operators. SCMC enables a structured, digital assessment of your implementation status: gaps become visible, measures are prioritized, evidence is centrally documented.
Our platform turns the ICT Minimum Standard into a practical framework for resilience, transparency and traceability.
Simple, transparent pricing
Monthly
CHF 155
/ month
Annual
CHF 1'550
≈ CHF 129 / month
2 months free
The Swiss Federal ICT Minimum Standard applies to operators of critical infrastructure — energy, water, healthcare, finance, transport and public administration. Following the revision of the Information Security Act (ISG), compliance is legally required for certain categories. The assessment evaluates your implementation status across the five NIST functions: Identify, Protect, Detect, Respond, Recover.
Demo video
Watch how you can work through the ICT Minimum Standard in a structured way, document evidence centrally and evaluate results clearly.
Try the platform for free: the Cyber-Security Basic Check is available at no cost — 10 areas, 39 control questions, no subscription required.
The Challenge
You know the requirements of the ICT Minimum Standard, but it remains unclear what is already fulfilled and where the biggest gaps still exist. This makes it difficult to assess your actual cyber resilience realistically.
Our Solution
Our platform creates a structured baseline assessment that helps you capture and evaluate your implementation status transparently.
Handle the ICT Minimum Standard in a clearly guided digital workflow instead of relying on PDF files, Excel sheets and scattered documents.
Create a shared working basis for IT, security, compliance, management and other stakeholders.
Keep assessments, comments, evidence and decisions in one place.
Assess not only implementation status, but also the related risks and protection needs within the same context.
Make gaps, priorities and progress easier to understand and faster to communicate, including for decision-makers.
See more quickly which topics should be addressed first and where the biggest risks remain.
Document assessments and measures in a way that keeps decisions transparent and defensible internally.
Keep track of changes, developments and previous assessments, and document progress clearly over time.
Use the ICT Minimum Standard not just once, but as an ongoing and repeatable improvement process.
Try the platform for free with the Cyber-Security Basic Check — 10 areas, 39 control questions. The full ICT Minimum Standard assessment is available via monthly and annual subscription plans.
Our platform turns minimum requirements, assessments and priorities into a clear, digital and traceable working process.
The assessment is fully based on the official Swiss ICT Minimum Standard published by BACS (Federal Office for Cybersecurity). SCMC is not a government authority — the platform is a digital tool for structured self-assessment against the official requirements. The result is a documented baseline, not an official certificate.
The standard primarily applies to operators of critical infrastructure in Switzerland — energy, water, healthcare, finance, transport and public administration. Following the revision of the Information Security Act (ISG), compliance is legally required for certain categories. Other organizations apply the standard voluntarily to demonstrate cyber resilience.
The assessment evaluates your implementation status across the five NIST functions: Identify, Protect, Detect, Respond, Recover. You receive a maturity overview per function, a gap analysis, a prioritized action plan and exportable evidence documentation — usable for management reporting and audits.
The effort depends on your existing documentation and team size. The assessment can be distributed across team members from IT, security and compliance, and does not need to be completed in one session — progress is saved at all times. The platform is designed for collaborative team-based work.
The ICT Minimum Standard assessment is available as a monthly or annual subscription — details at scmc.ch/pricing. To explore the platform before subscribing, the Cyber-Security Basic Check is available for free (10 areas, 39 control questions). For context: external ICT consulting in Switzerland typically costs CHF 5,000–25,000.
The official Excel template is static, not collaborative and not versioned. The SCMC platform enables digital team workflows, centralized evidence documentation, automatic evaluation and repeatable assessments — turning a one-time document into a continuous improvement process.
Yes — and this is explicitly intended. The ICT Minimum Standard is not a one-time project but a continuous improvement process. All assessments are versioned and stored, making progress visible over time and documentable for regulatory purposes.
