In the context of the increasing complexity of ICT and frequency of cyber incidents with a material detrimental impact on operations, EIOPA has published a consultation paper on proposed Guidelines on Information and Communication Technology security and governance.
The proposed Guidelines cover matters such as:
- ICT within the system of governance;
- setting and approving ICT strategies; and
- periodic audits (by appropriate independent experts) of firms’ governance, systems and processes for ICT and security risks.
Once finalised, the Guidelines will aim to provide greater certainty to firms and relevant providers on the minimum expected information and cyber security capabilities and avoid potential regulatory arbitrage.
Responses to the consultation are invited by 13 March 2020.