To comprehensively protect sensitive data and information, companies take appropriate protective measures. In many cases, the legislator also imposes specific requirements. For financial institutions, the German Federal Financial Supervisory Authority (BaFin) defines so-called Requirements for IT in Financial Institutions (BAIT), which are based on the specifications of the German Banking Act. These requirements are primarily aimed at the management of financial institutions and intended to increase the transparency of the BaFin requirements for IT security. The main focus is on the secure design of IT systems and associated processes, but also on corresponding requirements for IT governance.
BAIT on the test: What changes for companies?
The ICT Guidelines, with which the European Banking Authority (EBA) published standardized management requirements for financial service providers in the internal market in November 2019, made concrete adjustments necessary. The necessary additions have now been identified in the course of review. These relate in particular to the area of operational information security, but also to the requirements for customer relationships of payment services and emergency management. A central element is and remains a continuous awareness and training program for our own employees and managers. In the light of the latest amendments, this requirement now seems even more important.
Continuous training and awareness raising as a central element
Such an awareness and training program must be appropriately designed and should include in particular the personal responsibilities of employees, but also basic procedures and measures for information security. Professional e-learning solutions are particularly suitable for meeting this requirement of continuous training, because these can be implemented company-wide for any number of participants. In addition – as required by the supervisory authority – the success of the training can be measured directly. With the e-learning Information Security, Security-Island has developed an efficient tool to train central information security topics and support security managers in meeting the new requirements.