European Insurance and Occupational Pension Authority: Guidelines on Information Security

EIOPA (European Insurance and Occupational Pensions Authority) published an updated guideline on information and communication technology (ICT) security and governance on 2 August 2021. The updated guidelines by EIOPA provide guidance on how insurance and reinsurance undertakings should apply the governance requirements foreseen in Directive 2009/138/EC (Solvency II Directive) and in Commission Delegated Regulation (EU) 2015/35 in the context of ICT security and governance.

These guidelines provide instructions on what kind of measures companies should implement to comply with the mentioned directives.

  • Guideline 5 – Audit: Organizations should be audited on a periodic basis by auditors with sufficient knowledge, skills and expertise in ICT (Page 11)
  • Guideline 7 – Organizations must implement a user awareness platform for security training. All employees should be adequately informed of the information security policy (Page 12)

[Safefort Response to Guideline 7]: We provide a complete training platform with embedded trainings in Information Security, HR, GDPR, ISO, etc. This training ensures that all employees are properly aware of all the necessary material, and the organization has a clear view of whether all employees have completed their trainings.

  • Guideline 8 – Logical Security: Organizations should implement controls for monitoring anomalies, controlling access, and controlling access to data (Page 12)

[Safefort Response to Guideline 8]: We provide a complete Security Information and Event Management (SIEM) platform, which can monitor and record all the activities taking place on each endpoint.

  • Guideline 8 – Authentication Methods: Authentication methods should be commensurate with the criticality of the ICT systems, information or processes being accessed. At a minimum this should include strong passwords or stronger authentication methods such as two-factor authentication (Page 13)

[Safefort Response to Guideline 8 – Authentication Methods]: We provide a complete Multi-Factor Authentication (MFA) platform which can work with Remote Desktop logon, VPN, Office 365, SharePoint, server access, web access, etc. This minimizes the risk associated with passwords alone.

  • Guideline 10 – ICT Operations Security: Identification of potential vulnerabilities, which should be evaluated and remediated by ensuring that ICT systems are kept up to date (Page 13)

[Safefort Response to Guideline 10]: We provide a complete vulnerability assessment and patch management solution which can evaluate and remediate vulnerabilities on Windows systems.

  • Guideline 10 – Implementation of network segmentation, data leakage prevention systems, and encryption of network traffic (Page 13)

[Safefort Response to Guideline 10]: We provide a unique out-of-the-box DLP (Data Leakage Prevention) solution which can prevent, protect and encrypt data stored on endpoints, cloud infrastructure, applications, Office 365, etc.

  • Guideline 10: Encryption of data at rest and in transit

[Safefort Response to Guideline 10]: We provide a centrally managed encryption solution which leverages BitLocker and can ensure that data are encrypted in all states.

  • Guideline 12: Undertakings should have tests performed on a regular basis by independent companies.
  • Guideline 13: Undertakings should establish information security training programs for all staff, and implement periodic security awareness programs to educate their staff, including the AMSB, on how to address information security related risks.

[Safefort Response to Guideline 13]: We provide a complete training platform with embedded trainings in Information Security, HR, GDPR, ISO, etc. This training ensures that all employees are properly aware of all the necessary material, and the organization has a clear view of whether all employees have completed their trainings.

Download the PDF with the guidelines issued by EIOPA.

Safefort's 360 holistic approach to cybersecurity can provide solutions for all the requirements set by EIOPA and can ensure that your organization is in compliance with all the directives.

We can discuss how we can help your organization further in a meeting at your office or in an online meeting.
