Information systems compliance with the requirements of Solvency II
Every insurance company seeks to reduce operational risk to the extent that allows the capital requirements that depend on operational risk to be reduced to an optimum level.
Information technology and information management are at the basis of every modern company; therefore, key components of IT systems such as application and infrastructure services fall under operational business risk. Accordingly, the basic requirements are as follows:
- Development of business continuity management plans – critical IT systems must have plans for continued operation in case of disaster.
- Establishing a management framework for assessing and managing operational risk – the IT system is a critical component of operational risk, so any application error or hardware failure on those systems must be treated as an operational risk.
- Internal system audit for managing operational risk – within the IT department, it is necessary to establish the function of internal IT auditor.
- Development of policies, processes and procedures for managing operational risk – IT must implement a framework for managing IT-specific risks (ISO 27001, COBIT). Security policies, procedures and standards are the basis for managing operational risks.
- Identification and assessment of operational risk – conducting risk assessments related to the technology and systems used within the IT sector.
- Regular monitoring of operational risk profiles and of losses incurred through the realization of adverse events – it is necessary to define acceptable levels of risk and to develop methods of measuring the effectiveness of the controls that treat those risks.
ECS offers the following services for compliance with the Solvency II standard:
- The introduction of business continuity management
- Establishing a management framework to reduce operational risk
- Implementation of controls to reduce risk
- Conducting a gap analysis of the information system