Security and data protection at ePost
ePost combines the physical and digital worlds – securely and reliably
As a hub for secure digital communication in Switzerland, we are responsible for protecting data and documents and ensuring digital mail secrecy.
Our four pillars of protection
Confidentiality
Strong encryption, independent key management and controlled access concepts protect content from unauthorised access.
Integrity
Documents are processed securely. Delivery and archiving processes are documented in a transparent and traceable manner.
Availability
Redundant infrastructure and defined emergency processes ensure the stability of the platform.
Compliance
ePost complies with the Swiss Federal Act on Data Protection and recognised security standards such as ISO/IEC 27001.
Data processing in Switzerland
ePost’s core systems are operated in Swiss data centres.
Contracts are in place with the cloud provider’s Swiss entity. The data is subject to the Swiss Federal Act on Data Protection (FADP) and – where applicable – the GDPR.
Backups are stored in physically separate data centres within Switzerland.
Data protection and mail secrecy
ePost complies with the Swiss Federal Act on Data Protection (FADP) and – where applicable – the GDPR.
Mail secrecy also extends to digital communication. Technical and organisational measures ensure that content is only accessible to authorised parties.
ePost only processes data that is necessary for the respective purpose.
The list of subcontractors/subprocessors is publicly available.
Encryption and key management
- Data is encrypted during transmission and storage.
- Transport encryption using TLS 1.2+; internal communication via mTLS
- Storage with AES-256
- Client-specific logical separation
- Stand-alone vault infrastructure for key management
- Unencrypted content can only be accessed by authorised processes. The cloud provider does not have access to plain text data.
The master key is protected by additional safeguards and can only be reconstructed within a defined emergency procedure.
Security monitoring and emergency processes
The systems are continuously monitored.
Defined analysis and escalation processes are in place for security incidents.
These are carried out in collaboration with the Swiss Post security units.
The infrastructure is designed with redundancy. Recovery procedures are documented and regularly reviewed.
Access control
Access to systems and data is based on clearly regulated principles:
- Role-based access control
- Multi-factor authentication
- Principle of least privilege
- Logging of security-related accesses
The above does not apply to electronic letters and related metadata. These can only be decrypted and read by the tenant.
Certification and testing
ePost is certified to:
- ISO/IEC 27001
- ISAE 3000 (archiving in conformity with AccO)
The following are additionally conducted:
- Regular external penetration tests
- External security reviews
- Cloud Lawful Access Risk Assessments (monitored by PostCom and the Swiss Federal Data Protection and Information Commissioner)
Scanning service
The scanning service processes physical mail in Switzerland.
- Opened mechanically
- Digitised in a secure environment
- Encrypted prior to digital delivery
- Physical originals stored for a limited period
- Destroyed in accordance with defined security standards
The service providers used are ISO-certified, meet high data protection and security standards, and are regularly reviewed.
Contact
Data protection enquiries
Security enquiries
Switzerland wants e-government
5 out of 5
All of the top 5 digital administrative services fall within the remit of the municipalities. Digitalising here noticeably improves service and efficiency.
60%
This is how many Swiss municipalities see an urgent need for action on digitalisation. Now is the moment to modernise processes.
4 out of 5
This is how many Swiss municipalities see an urgent need for action on digitalisation. Now is the moment to modernise processes.
Source: National E-Government Study 2022, Geschäftsstelle Digitale Verwaltung Schweiz
