Insurance regulatory requirements for IT
Basic data | |
---|---|
Title | Circular 10/2018 (VA) Insurance supervisory requirements for IT |
Short title | Insurance regulatory requirements for IT |
Abbreviation | VAIT |
Scope | Federal Republic of Germany |
Original version dated | 2nd July 2018 |
Last revision from | 20th March 2019 |
The insurance supervisory requirements for IT, abbreviated VAIT, are administrative instructions issued by the Federal Financial Supervisory Authority (BaFin) on the secure design of IT systems and the associated processes, and on the related IT governance requirements, for German insurance companies. BaFin published them in Circular 10/2018 (VA) of July 2, 2018 and updated them in March 2019. They do not apply to insurance companies within the meaning of Section 168 of the Insurance Supervision Act (VAG) or to the security funds within the meaning of Section 223 VAG.
The VAIT specify the legal requirements of the Insurance Supervision Act (VAG), §§ 23–32. They are administrative regulations that interpret standards and represent a voluntary commitment by the German supervisory authority to the insurance companies.
For companies within the scope of the Solvency II supervisory system, the requirements contained in the minimum requirements for the business organization of insurance companies (MaGo for short) remain unaffected.
In the insurance supervisory requirements for IT, the supervisory authority formulates a framework for the technical and organizational equipment of the company, in particular for the management of IT resources and for IT risk management. Because insurance companies increasingly purchase IT services from third parties, VAIT now requires a risk analysis in advance, regardless of whether the IT service is the main service or a supplementary service to another main service.
VAIT § 27 now also requires that at least the state of the art be implemented in information security.
See also
- Banking supervisory requirements for IT (BAIT)
- Capital management supervisory requirements for IT (KAIT)
Web links
- Circular 10/2018 (VA) - Insurance supervisory requirements for IT (VAIT) in the version dated July 2, 2018
- Circular 10/2018 (VA) - Insurance supervisory requirements for IT (VAIT) in the version dated March 20, 2019
- Critical infrastructures: BaFin supplements VAIT with the KRITIS module in the version dated March 20, 2019