Handbook for Operational Excellence

Standards

Standards

Standards create security and interoperability. They define the legal and technical framework within which modern IT systems must operate. Adherence to these standards is not a purely administrative task — it is a prerequisite for market access and customer trust.

This section covers the most important regulatory requirements (such as the Swiss nFADP or the EU AI Act) and technical standards (ISO 27001) in their operational context for engineering teams.

Table of Contents

  • EMBAG: Open source by default for Swiss federal authorities. What EMBAG means and what obligations it creates for public IT contracts.
  • EU AI Act and Explainable AI: The first comprehensive regulation of artificial intelligence. How the EU AI Act defines risk categories and enforces transparency requirements.
  • EU Whistleblower and Secure Cryptography: Protection of whistleblowers and requirements for internal reporting channels. Why secure cryptography is essential for whistleblowing systems.
  • Green IT and Software Carbon Intensity: Measurable sustainability in IT. How Software Carbon Intensity (SCI) and hardware lifecycle standards improve the ecological footprint.
  • ISO 27001 and Compliance-as-Code: The international standard for information security. How ISO 27001 serves as a framework for risk management and compliance.
  • MCP (Model Context Protocol): An open standard for connecting AI models to data sources and tools. How MCP ensures the interoperability of AI agents.
  • nFADP / DSG and Privacy by Design: The new Swiss data protection act (nFADP). How privacy by design and technical deletion concepts ensure compliance.
  • Open Source Definition (OSI) and SLSA: The definition of true open-source software. Why adherence to OSI criteria is critical for avoiding vendor lock-in.
  • Software Asset Management (SAM): Systematic management of software licences. How ISO 19770 and automated SAM processes optimise audits and costs.
  • SBOM (Software Bill of Materials): Transparency about software dependencies. How an SBOM makes supply chain risks visible and meets regulatory requirements.
  • US Cloud Act and Sovereign Cryptography: US legislation and its global implications. Why the US Cloud Act affects data sovereignty in European clouds.