Emergency and business continuity management according to VAIT

No matter whether IT systems go down, staff become unavailable, important suppliers fail to deliver, buildings are damaged or natural disasters occur, prevent critical events causing a crisis as an insurance provider.

The German Federal Financial Supervisory Authority’s (Bundesanstalt für Finanzdienstleistungsaufsicht, BaFin) requirements regarding (IT) emergency management are clear:

This emergency management process or concept includes business continuity and recovery plans for time-critical activities and processes within the company. In addition to technical (IT) measures, the emergency concept must describe strategic goals, organisational structures and organisational aspects, for example, interfaces to areas such as risk management or information security management. Furthermore, BaFin states that the effectiveness of the contingency plans must be reviewed and audited at least once a year.

In order to define an emergency management process, insurance providers first need a structured context analysis of their requirements and processes as well as their existing technical and organisational measures.

The focus of the analysis comes through the following questions:

• Which processes and activities are considered time critical?
• Which internal and external requirements are these time-critical processes subject to?
• What are the penalties or damages?
• What threats and vulnerabilities lead to risks?
• Are the existing measures and processes sufficient to establish compliance?

Based on the results of the analysis, it is important to develop a tailored emergency concept with which insurance providers can act quickly and in a targeted manner should they need to. The added value for them is not only that it meets regulatory requirements, but that they can avoid damages or reduce the extent of them, which is a significant economic aspect. A structured emergency and crisis management system also enables insurance providers to protect themselves from the relevant contractual requirements of their stakeholders in terms of liability law.

adesso supports its customers in setting up the necessary structures and concepts, from reactive crisis management to ISO 22301 certified business continuity management.

Arrange a consultation with us to find out more about our practical approach for the insurance industry and our operational expertise in emergency, crisis and business continuity management. We will work together with you to determine your specific requirements using our BCM Quick Check. It is based on proven methods and the specialist knowledge of our experts. Please get in touch with us – we would be happy to assist you so that you are able to act in the event of an emergency.