A short update blog post:
Earlier this year, in September, I did a blog post about the VAIT. This BaFin document explains the challenges for IT in companies in the insurance industry much more clearly than the original regulatory documents. VAIT ("Versicherungsaufsichtliche Anforderungen an die IT") maps BaFin's requirements to more tangible guidance.
A few days ago, the English translation of this document was made available. It is described on its announcement page as follows: "The VAIT aims at clarifying BaFin's expectations with regard to governance requirements relating to information security and information technology. These requirements are a core supervisory component in the insurance and occupational pension sector in Germany."
This makes the potential readership of this helpful guide much larger, and my challenge to intelligent governance in a multitude of industries all the more important: "Truly proactive CISOs in companies beyond the financial sector will take these as a starting point and challenge to the quality of their own, appropriate security and compliance. Beyond concrete regulatory requirements, but to secure their own company."