EIOPA consults on guidelines on Information and Communication Technology security and governance

12 December 2019

These guidelines shall provide guidance to national supervisory authorities and market participants on how the regulation of operational risks set out in Directive 2009/138/EC and in the Commission's Delegated Regulation 2015/35, together with the guidance in EIOPA's Guidelines on System of Governance, is applied to ICT security and governance.

In line with the Joint ESAs' Advice and in reply to the European Commission's FinTech Action Plan, EIOPA developed these guidelines addressed to national supervisory authorities with the following objectives:

In developing the Joint Advice, the ESAs' objective was that every relevant entity should be subject to clear and general requirements on governance of ICT, including cybersecurity, to ensure the safe provision of regulated services. As these requirements are not in general sector-specific for the (re)insurance market, EIOPA also considered the most recent guidelines published by the European Banking Authority.

EIOPA's Guidelines cover the following areas:

The deadline for submission of feedback is Friday, 13 March 2020 at 23.59 hrs CET.



© EIOPA