Published: 17.10.2022
Amended VAIT now available in English
The amended circular “Supervisory Requirements for IT in Insurance Undertakings” (Versicherungsaufsichtliche Anforderungen an die IT – VAIT), which came into force on 3 March 2022, is now also available in English.
The previous version of the circular dated 20 March 2019 expired with the entry into force of this amended version. No fundamentally new requirements have been included in the new VAIT, but previously existing requirements have been specified. Further, the requirements specified by EIOPA’s Guidelines on information and communication technology security and governance (EIOPA-BoS-20/600) have been incorporated with a specific focus on operational information security and IT business continuity management. Transition periods are therefore not required.
The VAIT provide an interpretation of the legal requirements of section 23 of the German Insurance Supervision Act (Versicherungsaufsichtsgesetz – VAG). The VAIT describe what BaFin considers appropriate as technical and organisational resources for IT systems, with particular regard to the requirements for information security and information risk management. As undertakings are increasingly obtaining IT services from third parties, including as part of outsourcing arrangements, the VAIT also incorporate the requirements of section 32 of the VAG.