At Munich Re Service GmbH, we focus on measures and practices that safeguard our system's and data's confidentiality, integrity, and availability. 

Vulnerability management

We regularly identify, assess, and mitigate vulnerabilities in our systems and applications through scanning and analysis. Prioritization and addressing revealed vulnerabilities by applying patches or implementing adequate security measures helps us maintain integrity of corporate infrastructure.

Malware protection

To maintain strong defense against malware, we use a range of malware protection measures, which include antivirus software, endpoint protection, and other techniques to detect, prevent, and remove malicious software from computer systems. These measures defend against such types of malware as viruses, ransomware, and trojans.

Security logging and monitoring

We involve continuous analysis of network, system, and application activities to identify and respond to potential security incidents. Through log analysis, intrusion detection, and real-time threat intelligence, we promptly detect and mitigate security breaches or suspicious activities, ensuring the safety of our systems and data.

Event logs like firefighting sessions are logged and recorded. Additionally, such activities' logs are stored separately from the source systems to ensure their integrity and reliability. Technical logs are available on request in well-justified cases such as legal requirements, regulatory audits, security incidents. 

For a detailed information, view the article Identity and access management.

Capacity and performance management

To ensure the efficient and reliable operation of our IT system, we constantly monitor its performance and resources (such as storage capacities). It helps identify congestions or areas of resource contention and make necessary adjustments to meet performance requirements, thus avoiding unintentional downtimes or system unavailability.

Separation of test and production systems

We keep development and testing environments separate from production systems. It ensures that changes made in testing and developing environments do not impact the production environment. Besides, this practice reduces the risk of unauthorized access and accidental data disruptions.

Data backup and restore

Data backups help protect it from corruption or deletion, enabling data restore to a point in time within the configured retention period. For our SaaS solutions, backup minimum requirements are calculated based on the availability level defined by business impact analysis (BIA).

For a detailed information, view the article Business Continuity Management.

Change management

We have implemented an effective change management process to minimize disruptions and maintain constant availability of our services. Change management includes procedures for controlling the installation of software on systems in operation. It covers such activities as data-driven risk assessment, change categorization, approval workflow, application lifecycle management (ALM), implementation, communication of changes, and metrics to measure the impact of changes.