Policy for Use of ISO 27001 Certificates and Certification Mark

1. Purpose, User

This policy governs the appropriate use of VSHN AG’s ISO/IEC 27001 certification and associated certification marks to ensure compliance with accreditation requirements and to maintain the integrity of our certification.

Users of this document are all employees of VSHN AG.

2. Scope

This policy applies to all employees, contractors, and partners of VSHN AG involved in communication, marketing, or documentation where the ISO 27001 certification is referenced.

3. Permitted Use

The certification mark and ISO 27001 certificate may only be used in:

  • Official VSHN AG websites (for example vshn.ch, appuio.ch, servala.ch etc.)

  • Presentations or documents representing VSHN AG as an organisation (for example sales decks, security documentation, partner overviews)

4. Approved Assets

  • Only the official certificates and logos stored in Nextcloud may be used.

  • Any other versions or outdated copies must not be used under any circumstances.

5. Approval Requirement

  • All use of the ISO 27001 certificate or certification mark must be approved in advance by the CISO.

  • This includes first-time use in new documents or websites, and any major updates to existing material.

6. Prohibited Use

The certificate or certification mark must not be used:

  • By third parties, customers, or suppliers

  • In misleading contexts (for example implying certification beyond the defined scope)

7. Monitoring and Enforcement

  • The CISO is responsible for reviewing usage periodically.

  • Any misuse must be corrected immediately.